cups_server: Fix authentication and authorization

roles/cups_server/tasks/main.yml

@@ -15,7 +15,9 @@
 - name: Configure cups keytab location
   ansible.builtin.copy:
     dest: /etc/systemd/system/cups.service.d/keytab.conf
-    content: "[Service]\nEnvironment=KRB5_KTNAME=FILE:/etc/cups/cups.keytab\n"
+    content: |
+      [Service]
+      Environment=KRB5_KTNAME=FILE:/etc/cups/cups.keytab
     mode: "0644"
     owner: root
     group: "{{ ansible_wheel }}"
@@ -38,7 +40,7 @@
   ansible.builtin.lineinfile:
     path: /etc/cups/cupsd.conf
     line: "SSLListen 631"
-    insertafter: "Listen /var/run/cups/cups.sock"
+    insertafter: "^Listen .*.sock"
   notify: Restart cups
 
 - name: Require tls 1.3
@@ -94,10 +96,18 @@
 - name: Disable unauthenticated access from cups
   ansible.builtin.blockinfile:
     path: /etc/cups/cupsd.conf
-    insertafter: "^<Location />"
+    marker: "{mark}"
-    block: |
+    marker_begin: "<Location />"
-      AuthType Default
+    marker_end: "</Location>"
-      Require user @foosh
+    block: |2
+        AuthType Default
+        Require group foosh
+        Order deny,allow
+      </Location>
+      <Location /admin>
+        AuthType Default
+        Require group sysadm
+        Order deny,allow
   notify: Restart cups
 
 - name: Configure cups admin group