---
# die Variablen kommen aus
# - https://docs.gitea.com/administration/command-line
# - https://github.com/lldap/lldap/blob/main/example_configs/gitea.md
# und
# den jeweiligen group/host-Vars!
- name: Ensure Admin-User exists
  no_log: true
  become_user: gitea
  become: true
  ansible.builtin.command: |
    forgejo admin user create \
      --config /etc/gitea/gitea.ini
      --username "{{ gitea_admin_user }}" \
      --password "{{ gitea_admin_user_pass }}" \
      --email "{{ gitea_admin_user }}@mgrote.net" \
      --admin
  register: setup_admin
  ignore_errors: true
  failed_when: 'not "Command error: CreateUser: user already exists [name: mg]" in setup_admin.stderr' # fail Task wenn LDAP schon konfiguriert ist
  changed_when: "setup_admin.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet
...