diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..3e2a031
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+ "yaml.schemas": {
+ "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json": "file:///Users/ludal/Repositories/brainsys/ansible-roles/haproxy/tasks/requirements.yml"
+ }
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 50ba0ff..2072a23 100644
--- a/README.md
+++ b/README.md
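Review bot: The schema mapping in the new `.vscode/settings.json` targets an absolute path on one developer's machine (`file:///Users/ludal/...`), which publishes a local username and directory layout and matches nothing on any other checkout. It also points at `tasks/requirements.yml`, which this same commit renames to `tasks/install_from_backports.yml`. A workspace-relative glob such as `"tasks/*.yml"` as the mapped value would keep the association portable; otherwise the file is better left out of the repository. The schema is pulled from the `main` branch, so what the editor validates against can change without any commit here.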
@@ -1,2 +1,65 @@ # haproxy +The present role: +- install HAProxy +- push a default configuration file +- generate a self-signed certificate + +By default, HAProxy will be installed from Debian backports repository, but you can optionnaly choose to install it from HAPRoxy's Debian repository (and choose the version). +Configuration file could also be overrided. + +## Optional: Use HAProxy's official Debian repository + +You can enable installation from the official [HAProxy Debian repository](https://haproxy.debian.net/) by setting the following variable in your playbook or inventory: + +```yaml +haproxy_use_debian_repo: true +``` + +You can also override the following variables if needed: + +```yaml +haproxy_debian_repo_url: 'http://haproxy.debian.net' +haproxy_debian_repo_distribution: '{{ ansible_distribution_release }}' +haproxy_debian_repo_component: 'main' +haproxy_debian_repo_key_url: 'https://haproxy.debian.net/bernat.debian.org.gpg' +haproxy_version: '3.2' # default version +``` + +The apt source line will look like: + +``` +deb [signed-by=/usr/share/keyrings/haproxy.debian.net.gpg] http://haproxy.debian.net bookworm-backports-3.2 main +``` + +By default, the role installs HAProxy from Debian backports. If you enable the repository, it will be added and HAProxy will be installed from there. + +## Overriding the HAProxy configuration file + +If you want to use your own configuration file (outside the role), set the variable `haproxy_custom_configuration_file` to the path of your file. The role will copy it to `/etc/haproxy/haproxy.cfg` instead of rendering the template. + +Example: + +```yaml +haproxy_custom_configuration_file: '/path/to/my/haproxy.cfg' +``` + +If not set, the default template `haproxy.cfg.j2` will be used. 
+ +You can enable installation from the official [HAProxy Debian repository](https://haproxy.debian.net/) by setting the following variable in your playbook or inventory: + +```yaml +haproxy_use_debian_repo: true +``` + +You can also override the following variables if needed: + +```yaml +haproxy_debian_repo_url: 'http://haproxy.debian.net' +haproxy_debian_repo_distribution: '{{ ansible_distribution_release }}' +haproxy_debian_repo_component: 'main' +haproxy_debian_repo_key_url: 'https://haproxy.debian.net/haproxy-archive-keyring.gpg' +``` + +By default, the role installs HAProxy from Debian backports. If you enable the repository, it will be added and HAProxy will be installed from there. + diff --git a/defaults/main.yml b/defaults/main.yml index 20513dc..f598e54 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,3 +9,11 @@ haproxy_ssl_self_signed_domains: haproxy_accept_warnings: yes haproxy_bind_ip: '*' + +# Optional: Use HAProxy's official Debian repository +haproxy_use_debian_repo: false +haproxy_debian_repo_url: 'http://haproxy.debian.net' +haproxy_debian_repo_distribution: '{{ ansible_distribution_release }}' +haproxy_debian_repo_component: 'main' +haproxy_debian_repo_key_url: 'https://haproxy.debian.net/haproxy-archive-keyring.gpg' +haproxy_version: '3.2' diff --git a/tasks/configure.yml b/tasks/configure.yml index 00fccce..7c794ec 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -22,7 +22,19 @@ notify: - haproxy restart -- name: haproxy | copy configuration file +- name: haproxy | copy custom configuration file + copy: + src: "{{ haproxy_custom_configuration_file }}" + dest: '/etc/haproxy/haproxy.cfg' + owner: root + group: root + mode: '0440' + validate: 'haproxy -f %s -c {% if haproxy_accept_warnings %}-q{% endif %}' + when: haproxy_custom_configuration_file is defined + notify: + - haproxy reload + +- name: haproxy | copy default configuration file template: src: haproxy.cfg.j2 dest: '/etc/haproxy/haproxy.cfg' 
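Review bot: `haproxy_debian_repo_url` defaults to plain `http://` while the key URL two lines below uses `https://`. Package integrity still rests on the `signed-by` keyring, but the repository traffic is readable and alterable in transit and nothing here records that trade-off; `haproxy_debian_repo_url: 'https://haproxy.debian.net'` would align the two, assuming apt on the target hosts accepts HTTPS sources. The README in this commit lists a different key URL (`bernat.debian.org.gpg`) and keyring path (`/usr/share/keyrings/haproxy.debian.net.gpg`) than these defaults and the install task use, so one side should be corrected. `haproxy_custom_configuration_file`, which tasks/configure.yml now reads, has no entry or comment in this file.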
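Review bot: The new guard `when: haproxy_custom_configuration_file is defined` also passes when the variable is set but empty or null (for example an inventory placeholder), so `copy` is attempted with an empty `src` and the default template is skipped. Testing for a usable value is safer: `when: haproxy_custom_configuration_file | default('', true) | length > 0`, with the matching `| length == 0` on the template task in the `@@ -30,5 +42,6 @@` hunk. A short comment that `src` is resolved on the control node, and that the file lands root-owned with mode `0440`, would help anyone supplying their own config. The template task's body continues outside this hunk.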
@@ -30,5 +42,6 @@ group: root mode: '0440' validate: 'haproxy -f %s -c {% if haproxy_accept_warnings %}-q{% endif %}' + when: haproxy_custom_configuration_file is not defined notify: - haproxy reload diff --git a/tasks/install.yml b/tasks/install.yml deleted file mode 100644 index d6e1464..0000000 --- a/tasks/install.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: haproxy | installation - apt: - name: haproxy - state: present - default_release: "{{ ansible_distribution_release }}-backports" - diff --git a/tasks/requirements.yml b/tasks/install_from_backports.yml similarity index 54% rename from tasks/requirements.yml rename to tasks/install_from_backports.yml index 66aa666..a0a29a3 100644 --- a/tasks/requirements.yml +++ b/tasks/install_from_backports.yml @@ -1,11 +1,13 @@ --- -- name: haproxy | add backports repository +- name: haproxy | add Debian backports repository apt_repository: repo: deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main state: present filename: "{{ ansible_distribution_release }}-backports" - -- name: haproxy | update apt cache - apt: update_cache: yes - cache_valid_time: 86400 + +- name: haproxy | installation + apt: + name: haproxy + state: present + default_release: "{{ ansible_distribution_release }}-backports" diff --git a/tasks/install_from_haproxy.yml b/tasks/install_from_haproxy.yml new file mode 100644 index 0000000..e2fff65 --- /dev/null +++ b/tasks/install_from_haproxy.yml 
@@ -0,0 +1,20 @@ +--- +- name: haproxy | add HAProxy Debian repository key + ansible.builtin.get_url: + url: "{{ haproxy_debian_repo_key_url }}" + dest: /etc/apt/keyrings/haproxy-archive-keyring.gpg + mode: '0644' + +- name: haproxy | add HAProxy Debian repository + ansible.builtin.apt_repository: + repo: "deb [signed-by=/etc/apt/keyrings/haproxy-archive-keyring.gpg] {{ haproxy_debian_repo_url }} {{ haproxy_debian_repo_distribution }}-backports-{{ haproxy_version }} {{ haproxy_debian_repo_component }}" + state: present + filename: 'haproxy' + update_cache: yes + +- name: haproxy | install HAProxy from HAProxy Debian repo + ansible.builtin.apt: + name: haproxy + state: present + update_cache: yes + default_release: "{{ haproxy_debian_repo_distribution }}-backports-{{ haproxy_version }}" diff --git a/tasks/main.yml b/tasks/main.yml index dc4c819..80207a6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,10 +1,11 @@ --- -- name: haproxy | requirements - include_tasks: requirements.yml +- name: haproxy | install from backports + include_tasks: install_from_backports.yml + when: not haproxy_use_debian_repo | bool -- name: haproxy | installation - include_tasks: install.yml +- name: haproxy | install from HAProxy repo + include_tasks: install_from_haproxy.yml + when: haproxy_use_debian_repo | bool - name: haproxy | configuration include_tasks: configure.yml -
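Review bot: The key task in the new `tasks/install_from_haproxy.yml` trusts whatever file `haproxy_debian_repo_key_url` serves at download time, because `get_url` has no `checksum:` and the URL is overridable. That file becomes the `signed-by` keyring, so every later package from this repository is trusted on the strength of it; an optional pinned digest would close that gap. The task also assumes `/etc/apt/keyrings` exists, which is not guaranteed on older Debian releases, and it leaves `owner`/`group` implicit. The variable name `haproxy_debian_repo_key_checksum` below is a proposal and would need a documented default in defaults/main.yml.

```yaml
- name: haproxy | ensure apt keyrings directory exists
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: haproxy | add HAProxy Debian repository key
  ansible.builtin.get_url:
    # … unchanged: url, dest …
    # Expected form "sha256:<digest>"; omitted when the variable is unset.
    checksum: "{{ haproxy_debian_repo_key_checksum | default(omit) }}"
    owner: root
    group: root
    # … unchanged: mode; apt_repository and apt tasks …
```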