diff --git a/roles/cups-server/files/cupsd.conf b/roles/cups-server/files/cupsd.conf
new file mode 100644
index 0000000..085705c
--- /dev/null
+++ b/roles/cups-server/files/cupsd.conf
@@ -0,0 +1,153 @@
+#
+# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
+# complete description of this file.
+#
+
+# Log general information in error_log - change "warn" to "debug"
+# for troubleshooting...
+LogLevel warn
+PageLogFormat
+
+# Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation.
+MaxLogSize 0
+
+# Default error policy for printers
+ErrorPolicy retry-job
+
+# Only listen for connections from the local machine.
+Listen 0.0.0.0:631
+Listen /run/cups/cups.sock
+
+# Show shared printers on the local network.
+Browsing Yes
+BrowseLocalProtocols dnssd
+
+# Default authentication type, when authentication is required...
+DefaultAuthType Basic
+
+# Web interface setting...
+WebInterface Yes
+
+# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
+IdleExitTimeout 60
+
+# Restrict access to the server...
+
+ Order allow,deny
+ Allow localhost
+ Allow 192.168.50.*
+
+
+# Restrict access to the admin pages...
+
+ Order allow,deny
+
+
+# Restrict access to configuration files...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order allow,deny
+
+
+# Restrict access to log files...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order allow,deny
+
+
+# Set the default printer/job policies...
+
+ # Job/subscription privacy...
+ JobPrivateAccess default
+ JobPrivateValues default
+ SubscriptionPrivateAccess default
+ SubscriptionPrivateValues default
+
+ # Job-related operations must be done by the owner or an administrator...
+
+ Order deny,allow
+
+
+
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+
+ AuthType Default
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+ # All administration operations require an administrator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # All printer operations require a printer operator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # Only the owner or an administrator can cancel or authenticate a job...
+
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+
+ Order deny,allow
+
+
+
+# Set the authenticated printer/job policies...
+
+ # Job/subscription privacy...
+ JobPrivateAccess default
+ JobPrivateValues default
+ SubscriptionPrivateAccess default
+ SubscriptionPrivateValues default
+
+ # Job-related operations must be done by the owner or an administrator...
+
+ AuthType Default
+ Order deny,allow
+
+
+
+ AuthType Default
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+ # All administration operations require an administrator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # All printer operations require a printer operator to authenticate...
+
+ AuthType Default
+ Require user @SYSTEM
+ Order deny,allow
+
+
+ # Only the owner or an administrator can cancel or authenticate a job...
+
+ AuthType Default
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+
+
+
+ Order deny,allow
+
+
diff --git a/roles/cups-server/tasks/install.yml b/roles/cups-server/tasks/install.yml
new file mode 100644
index 0000000..b687831
--- /dev/null
+++ b/roles/cups-server/tasks/install.yml
@@ -0,0 +1,15 @@
+---
+- become: yes
+ block:
+ - name: install needed packages
+ apt:
+ update_cache: yes
+ pkg:
+ - cups
+ - printer-driver-dymo
+
+ - name: add current user to lpadmin group
+ user:
+ name: "{{ ansible_user_id }}"
+ append: yes
+ groups: lpadmin
diff --git a/roles/cups-server/tasks/main.yml b/roles/cups-server/tasks/main.yml
new file mode 100644
index 0000000..52b260f
--- /dev/null
+++ b/roles/cups-server/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- import_tasks: install.yml