LogLevel info
ServerName {{ ansible_fqdn }}
ServerAdmin {{ cups_server_admin }}
{% if cups_server_aliases %}
ServerAlias {{ cups_server_aliases | join(' ') }}
{% endif %}
# Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation.
MaxLogSize 1m
# Default error policy for printers
ErrorPolicy retry-job
# Only listen for connections from the local machine.
Listen 631
Listen /run/cups/cups.sock
SSLPort 443
# Show shared printers on the local network.
Browsing Off
BrowseLocalProtocols none
# Default authentication type, when authentication is required...
# Kerberos appears to be broken in cups >=2.2:
# https://github.com/apple/cups/issues/5596
DefaultAuthType Basic
DefaultEncryption Required
DefaultShared yes
# Web interface setting...
WebInterface Yes
# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
IdleExitTimeout 0
# Restrict access to the server...
Order allow,deny
Allow from All
# Restrict access to the admin pages...
AuthType Default
Allow from All
Require user @SYSTEM
Order allow,deny
# Set the default printer/job policies...
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
Order deny,allow
Require user @OWNER @SYSTEM
Order deny,allow
# All administration operations require an administrator to authenticate...
AuthType Default
Require user @SYSTEM
Order deny,allow
# All printer operations require a printer operator to authenticate...
AuthType Default
Require user @SYSTEM
Order deny,allow
# Only the owner or an administrator can cancel or authenticate a job...
Require user @OWNER @SYSTEM
Order deny,allow
Order deny,allow