diff --git a/defaults/main.yml b/defaults/main.yml
index b630f6cccb1605a6cce3cf897fcd49d5a830646b..c34a0a12c25d6013517cda762cae82caed23bb71 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -28,9 +28,9 @@ gitlab:
     auto_link_ldap_user: 'true'
     providers: []
   upload_size_max: 128M
-  mail: {}
-    #from: 'git@domain'
-    #reply_to: 'git@domain'
+  mail:
+    from: ~
+    reply_to: ~
   smtp:
     enabled: false
     server: ~
diff --git a/templates/gitlab.rb.j2 b/templates/gitlab.rb.j2
index 79d85e7b272704915b6418a0a04e0b810463a1fe..91c49e366aeb3b17dc9ac71a5207f53d39db69ac 100644
--- a/templates/gitlab.rb.j2
+++ b/templates/gitlab.rb.j2
@@ -1403,10 +1403,17 @@ pages_external_url "{{ gitlab.pages_external_url }}"
 gitlab_pages['enable'] = true
 
 ##! Configure to expose GitLab Pages on external IP address, serving the HTTP
+{% if gitlab.pages_listen %}
 gitlab_pages['external_http'] = {{ gitlab.pages_listen|to_json }}
+{% endif %}
 
 ##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
+{% if gitlab.pages_listen_ssl %}
 gitlab_pages['external_https'] = {{ gitlab.pages_listen_ssl|to_json }}
+{% endif %}
+
+##! Listen for requests forwarded by reverse proxy
+gitlab_pages['listen_proxy'] = '{{ gitlab.pages_listen_proxy }}'
 
 ##! Configure to use the default list of cipher suites
 # gitlab_pages['insecure_ciphers'] = false
@@ -1429,9 +1436,6 @@ gitlab_pages['external_https'] = {{ gitlab.pages_listen_ssl|to_json }}
 # gitlab_pages['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
 # gitlab_pages['sentry_environment'] = 'production'
 
-##! Listen for requests forwarded by reverse proxy
-gitlab_pages['listen_proxy'] = '{{ gitlab.pages_listen_proxy }}'
-
 ##! Configure GitLab Pages to use an HTTP Proxy
 # gitlab_pages['http_proxy'] = "http://example:8080"
 
@@ -1473,7 +1477,9 @@ gitlab_pages['access_control'] = true
 # gitlab_pages['gitlab_client_jwt_expiry'] = "30s"
 
 ##! Define custom gitlab-pages HTTP headers for the whole instance
+{% if gitlab.pages_headers %}
 gitlab_pages['headers'] = {{ gitlab.pages_headers|to_json }}
+{% endif %}
 
 ##! Shared secret used for authentication between Pages and GitLab
 # gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
diff --git a/vars/main.yml b/vars/main.yml
index 483c7bf5eaba8997e916e947aad5f60c2313da39..627ac68ac623c78298395ee1ec74d74f91264c9e 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -33,5 +33,7 @@ packages:
     "python3-systemd": {}
   repos:
     gitlab:
-      url: "deb https://packages.gitlab.com/gitlab/gitlab-ce/{{ ansible_distribution|lower }} {{ ansible_distribution_release|lower }} main"
-      key: "\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBF5dI2sBEACyGx5isuXqEV2zJGIx8rlJFCGw6A9g5Zk/9Hj50UpXNuOXlvQl\n7vq91m2CAh88Jad7OiMHIJJhX3ZJEOf/pUx/16QKumsaEyBk9CegxUG9jAQXsjL3\nWLyP0/l27UzNrOAFB+IUGjsoP+32gsSPiF5P485mirIJNojIAFzDQl3Uo4FbvqYU\n9AIRk5kV4nEYz1aKXAovIUsyqrztMtwlAG2xqdwVpGD2A4/w8I143qPGjjhEQmf4\n/EeS4CP9ztyLAx+01t2Acwa7Bygsb5KQPuT25UlevuxdDy/Rd5Zn/Lzwr2GQqjUs\n6GbM0t1HYjh57e4V+p0qMf6jxXfrDCbehgzFvGS0cx/d7hWHm5sXZIt3gxpjBQU2\n8MQWtrR8Y3nTBkCHwOKsXdsdD+YHxTq/yuvxl1Bcyshp29cGWv1es3wn2Z6i9tWe\nasGfVewJZiXFSEqSBGguEmLyCAZcWgXvHOV2kc66wG4d4TGIxmoo9GBqEtBftCVH\nMGDHt7zeg2hg6EIsx8/nj1duO5nBnbnik5iG8Xv46e/aw2p4DfTdfxHpjvyJudyN\n+UI5eSuuuXhyTZWedd5K1Q3+0CmACJ39t/NA6g7cZaw3boFKw3fTWIgOVTvC3y5v\nd7wsuyGUk9xNhHLcu6HjB4VPGzcTwQWMFf6+I4qGAUykU5mjTJchQeqmQwARAQAB\ntEJHaXRMYWIgQi5WLiAocGFja2FnZSByZXBvc2l0b3J5IHNpZ25pbmcga2V5KSA8\ncGFja2FnZXNAZ2l0bGFiLmNvbT6JAlQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYC\nAwECHgECF4AWIQT2QD9lRKOIY9qgtuA/AWGKUTEvPwUCYh+nqQUJB4TrPgAKCRA/\nAWGKUTEvP3FqD/wKSy4uLaCTBSoDWJ8tUETp2x1P3905zGW8RZvipBX/z1kopb0B\n1do4kDFMCv95eLxQAWIYsUoObOi2mocxnUGaxVtw/xCGQr176q98rw+lWaD1/4Ju\nRfDOZlw26CI/35jd8OfpVbZMBHhWu63daR5J2PIlZzeda8QiAbZgvf+88BgIENPm\nDVhmCQaGl1U/+vTckgTjChw8nWnW3pgB/1cWXaFex+8omu5HG4Q7/Xe0qc6ExEk2\ncRlhZIpPu3NeAuxE7CxImKMxQ7PdhBPF11UdYrfCauSR2fA54HVSbE63JlzrsPlW\nPTTpOjoVbYAODh5CaIuQU3iNSJjW4tskjxbe0WJtrfYzvshkHqs8H+41eA34q39r\nO9ZvqsWX9BBjQ7p3Lc0RxNatcsYs4VsN/F+zp3lUxz0yuO1WX1DQgySoaFUEZx4R\n3XEq6tk1ODroCBOKMTwRDGGcqcp8q+/rtBOGQK+sKdaQ+eLCCQOuNSpTk60/j9OZ\nlsK/4rlMTXmAs1p4ic0Cmx8OBAJr3i0xRNlsGlRLPoD6lCdbtYKFWgzMCA6qCBCZ\nXN44qiuLePYzdIL2HbFqA7Z2tngXJcFpd/ozjzB1j9TmgfZmAvAnW8oJ0bbVijrA\nf23XQ7mNpaDEI/ZlzPbT9w6F4TFyr57XZfORPBQuWJX+dkZp+rIKjgj0nbkCDQRe\nXSNrARAApHc0R4tfPntr5bhTuXU/iVLyxlAlzdEv1XsdDC8YBYehT72Jpvpphtq7\nsKVsuC59l8szojgO/gW//yKSuc3Gm5h58+HpIthjviGcvZXf/JcN7Pps0UGkLeQN\n2+IRZgbA6CAAPh2njE60v5iXgS91bxlSJi8GVHq1h28kbKQeqUYthu9yA2+8J4Fz\nivYV2VImKLSxbQlc86tl6rMKKIIOph+N4WujJgd5HZ80n2qp1608X3+9CXvtBasX\nVCI2ZqCuWjffVCOQzsqRbJ6LQyMbgti/23F4Yqjqp+8eyiDNL6MyWJCBbtkW3Imi\nFHfR0sQIM6I7fk0hvt9ljx9SG6az/s3qWK5ceQ7XbJgCAVS4yVixfgIjWvNE5ggE\nQNOmeF9r76t0+0xsdMYJR6lxdaQI8AAYaoMXTkCXX2DrASOjjEP65Oq/d42xpSf9\ntG6XIq+xtRQyFWSMc+HfTlEHbfGReAEBlJBZhNoAwpuDckOC08vw7v2ybS5PYjJ4\n5Kzdwej0ga03Wg9hrAFd/lVa5eO4pzMLuexLplhpIbJjYwCUGS4cc/LQ2jq4fue5\noxDpWPN+JrBH8oyqy91b10e70ohHppN8dQoCa79ySgMxDim92oHCkGnaVyULYDqJ\nzy0zqbi3tJu639c4pbcggxtAAr0I3ot8HPhKiNJRA6u8HTm//xEAEQEAAYkCPAQY\nAQoAJgIbDBYhBPZAP2VEo4hj2qC24D8BYYpRMS8/BQJiH6gUBQkHhOupAAoJED8B\nYYpRMS8/My8P/jiAO4fMolJjJBrR+ibp/rrAsT4pwc4org20I9SobD6P9rBxBfg6\n50x/cwL7J4pS+rz32xw7gTmZd/u5G/+As7f+7jCLu87nWURNfXOC761FoYcOJ7rv\n0+bqRmsq8TchuYiYkvzh749g/Ysu/D18VYouC6yXQNISRIFt5zFzMPlvX/Ted17t\nNsxc1emGHHwrAcBJQNaSumhdYtxaFCtmsg15YInZ7Dq/SatqJX5/um2aXSI3MjWV\nglPDvxkVtGKXjDQjQ0QClgnfCvFNtWlIGEerA2OKm2N79/PeCWFcc0RWd/AVZOuu\nU0PLgTkzTeRMjFB8gP7wIrNrUWRJoc14QN3f2JMdb6WNeRQA/sP1pKqgQGiOpkJv\nMG4j4lHZsb1o09FG0PV6dg1p+6XzCcj/2lnrEhXAilLOWJiY16CS/0/Bh8Fm8/3t\nSTPFY8nPzJ3AFflFTSweSgmwMA7ZohpGmLns2suNqmx4160rhGqzd0b0unAg6EK1\n0ZI6sVKb/Bgu0jJm7fgzvlnaeIdql4F6wruQyqMhhMCWKtcXj3mPFi8k5jVPLoFg\nf7wd1UIQJGgzoTUKc1tl8+tV6wd3mu2jrdCTxVIxgv2TEqFa931IjVJ6tH/ui7MQ\nf0I/rBuHfoD3mK9rYR2sDNhkwlac3PMobeK1QepKJgBCmLxfr7nSarzL\n=f3Ok\n-----END PGP PUBLIC KEY BLOCK-----"
+      url: "https://packages.gitlab.com/gitlab/gitlab-ce/{{ ansible_distribution|lower }} {{ ansible_distribution_release|lower }} main"
+      keyurl: https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
+      keychecksum: "sha256:d283e2839ad711988ea57307d88cced142dfc67f27cc50ec3158a3978ad66bb5"
+      keyarmored: true