diff --git a/templates/etc/pve/domains.cfg.j2 b/templates/etc/pve/domains.cfg.j2
index c2e67fc..7760700 100644
--- a/templates/etc/pve/domains.cfg.j2
+++ b/templates/etc/pve/domains.cfg.j2
@@ -4,22 +4,22 @@
 pam: {{ pve_auth_pam_realm }}
     comment {{ pve_auth_pam_description }}
     default {{ 1 if pve_auth_pam_is_default else 0 }}
-    {% if pve_auth_pam_tfa_oath_enabled and not pve_auth_pam_tfa_yubico_enabled %}
+    {% if pve_auth_pam_tfa_oath_enabled and not pve_auth_pam_tfa_yubico_enabled -%}
     tfa type=oath,step={{ pve_auth_pam_tfa_oath_timestep }},digits={{ pve_auth_pam_tfa_oath_pwlength }}
-    {% elif pve_auth_pam_tfa_yubico_enabled and not pve_auth_pam_tfa_oath_enabled %}
+    {% elif pve_auth_pam_tfa_yubico_enabled and not pve_auth_pam_tfa_oath_enabled -%}
     tfa type=yubico,id={{ pve_auth_pam_tfa_yubico_api_id }},key={{ pve_auth_pam_tfa_yubico_api_key }},url={{ pve_auth_pam_tfa_yubico_url }}
-    {% endif %}
+    {% endif -%}
 {% endif %}
 
 {% if pve_auth_pve_enabled %}
 pve: {{ pve_auth_pve_realm }}
     comment {{ pve_auth_pve_description }}
     default {{ 1 if pve_auth_pve_is_default else 0 }}
-    {% if pve_auth_pve_tfa_oath_enabled and not pve_auth_pve_tfa_yubico_enabled %}
+    {% if pve_auth_pve_tfa_oath_enabled and not pve_auth_pve_tfa_yubico_enabled -%}
     tfa type=oath,step={{ pve_auth_pve_tfa_oath_timestep }},digits={{ pve_auth_pve_tfa_oath_pwlength }}
-    {% elif pve_auth_pve_tfa_yubico_enabled and not pve_auth_pve_tfa_oath_enabled %}
+    {% elif pve_auth_pve_tfa_yubico_enabled and not pve_auth_pve_tfa_oath_enabled -%}
     tfa type=yubico,id={{ pve_auth_pve_tfa_yubico_api_id }},key={{ pve_auth_pve_tfa_yubico_api_key }},url={{ pve_auth_pve_tfa_yubico_url }}
-    {% endif %}
+    {% endif -%}
 {% endif %}
 
 {% if pve_auth_ldap_enabled %}
@@ -27,19 +27,19 @@ ldap: {{ pve_auth_ldap_realm }}
     comment {{ pve_auth_ldap_description }}
     base_dn {{ pve_auth_ldap_base_dn }}
     server1 {{ pve_auth_ldap_primary_server }}
-    {% if pve_auth_ldap_secondary_server is defined %}
+    {% if pve_auth_ldap_secondary_server is defined -%}
     server2 {{ pve_auth_ldap_secondary_server }}
     {% endif -%}
     user_attr {{ pve_auth_ldap_user_attr }}
-    {%- if pve_auth_ldap_bind_dn is defined %}
+    {% if pve_auth_ldap_bind_dn is defined -%}
     bind_dn {{ pve_auth_ldap_bind_dn }}
     {% endif -%}
     default {{ 1 if pve_auth_ldap_is_default else 0 }}
     port {{ pve_auth_ldap_port }}
     secure {{ 1 if pve_auth_ldap_tls_enabled else 0 }}
-    {%- if pve_auth_ldap_tfa_oath_enabled and not pve_auth_ldap_tfa_yubico_enabled %}
+    {% if pve_auth_ldap_tfa_oath_enabled and not pve_auth_ldap_tfa_yubico_enabled -%}
     tfa type=oath,step={{ pve_auth_ldap_tfa_oath_timestep }},digits={{ pve_auth_ldap_tfa_oath_pwlength }}
-    {%- elif pve_auth_ldap_tfa_yubico_enabled and not pve_auth_ldap_tfa_oath_enabled -%}
+    {% elif pve_auth_ldap_tfa_yubico_enabled and not pve_auth_ldap_tfa_oath_enabled -%}
     tfa type=yubico,id={{ pve_auth_ldap_tfa_yubico_api_id }},key={{ pve_auth_ldap_tfa_yubico_api_key }},url={{ pve_auth_ldap_tfa_yubico_url }}
-    {% endif %}
+    {% endif -%}
 {% endif %}