LogLevel info ServerName {{ ansible_fqdn }} ServerAdmin {{ cups_server_admin }} {% if cups_server_aliases %} ServerAlias {{ cups_server_aliases | join(' ') }} {% endif %} # Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation. MaxLogSize 1m # Default error policy for printers ErrorPolicy retry-job # Only listen for connections from the local machine. Listen 631 Listen /run/cups/cups.sock SSLPort 443 # Show shared printers on the local network. Browsing Off BrowseLocalProtocols none # Default authentication type, when authentication is required... # Kerberos appears to be broken in cups >=2.2: # https://github.com/apple/cups/issues/5596 DefaultAuthType Basic DefaultEncryption Required DefaultShared yes # Web interface setting... WebInterface Yes # Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l) IdleExitTimeout 0 # Restrict access to the server... Order allow,deny Allow from All # Restrict access to the admin pages... AuthType Default Allow from All Require user @SYSTEM Order allow,deny # Set the default printer/job policies... # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default # Job-related operations must be done by the owner or an administrator... Order deny,allow Require user @OWNER @SYSTEM Order deny,allow # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # Only the owner or an administrator can cancel or authenticate a job... Require user @OWNER @SYSTEM Order deny,allow Order deny,allow