diff --git a/roles/server/defaults/main.yml b/roles/server/defaults/main.yml
index 7f081ef..db598c8 100644
--- a/roles/server/defaults/main.yml
+++ b/roles/server/defaults/main.yml
@@ -13,3 +13,7 @@ server_openvpn_passfile: '{{ server_openvpn_directory }}/cert.pwd'
 server_openvpn_crl: '{{ server_openvpn_directory }}/crl.pem'
 server_openvpn_dhfile: '{{ server_openvpn_directory }}/dh2048.pem'
 server_openvpn_tlsauth: '{{ server_openvpn_directory }}/tls-auth.key'
+
+server_openvpn_signing_file: '/etc/apt/keyrings/openvpn-repo-public.asc'
+server_openvpn_repo_url: 'https://build.openvpn.net/debian/openvpn/stable'
+server_openvpn_source_line: 'deb [arch=amd64 signed-by={{ server_openvpn_signing_file }}] {{ server_openvpn_repo_url }} {{ ansible_distribution_release }} main'
diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml
index d378ab5..528928e 100644
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@@ -5,13 +5,16 @@
 become: true
 ansible.builtin.get_url:
 url: 'https://swupdate.openvpn.net/repos/repo-public.gpg'
- dest: '/etc/apt/keyrings/openvpn-repo-public.asc'
+ dest: '{{ server_openvpn_signing_file }}'
+ owner: 'root'
+ group: 'root'
+ mode: 'u=rw,g=r,o=r'
 - name: 'Add the actual repo'
 become: true
 ansible.builtin.apt_repository:
- repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/openvpn-repo-public.asc] https://build.openvpn.net/debian/openvpn/stable {{ ansible_distribution_release }} main"
- state: present
+ repo: '{{ server_openvpn_source_line }}'
+ state: 'present'
 - name: 'Install server software and kernel module'
 become: true
@@ -86,7 +89,7 @@
 owner: 'root'
 group: 'root'
 mode: 'u=rw,g=r,o=r'
- notify:
+ notify:
 - 'Reload openvpn services'
 - 'Restart openvpn server'
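Review bot: The three new defaults decide which archive apt installs OpenVPN from and which key it accepts for that archive, yet they are added without a comment and, being role defaults, can be overridden from any inventory or extra-vars source. I would add a comment above them, for example `# APT trust anchor for the OpenVPN repo: signing_file is the signed-by key for repo_url only; keep repo_url on https`, so that an override is a visible and deliberate choice. `server_openvpn_source_line` also keeps `arch=amd64` fixed while the release and URL are variables; if non-amd64 hosts are in scope, that would presumably need its own variable.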
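Review bot: The `get_url` task that installs the repo signing key still has no `checksum`, so whatever `https://swupdate.openvpn.net/repos/repo-public.gpg` serves at run time becomes the apt trust anchor named in `signed-by`; the added owner, group and mode lines protect the file on disk but not its content. Pin the key with `checksum: 'sha256:<SHA256_OF_VERIFIED_KEY>'` (placeholder; take the digest from a key whose fingerprint was checked out of band). The `url` is also the one value in these two tasks that stays hard-coded, where a default beside `server_openvpn_signing_file` would match the rest of the change. The task's `name` line sits above the hunk, so this is based on the visible part only.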