diff --git a/fail2ban/ng/config.sls b/fail2ban/ng/config.sls index f9b8663..7e6c654 100644 --- a/fail2ban/ng/config.sls +++ b/fail2ban/ng/config.sls @@ -6,11 +6,8 @@ fail2ban.ng.config.fail2ban: {% if fail2ban.config is defined %} -{% if fail2ban.config.source_path is defined %} -{% set fail2ban_config = fail2ban.config.source_path %} -{% else %} -{% set fail2ban_config = 'salt://fail2ban/ng/files/config.jinja' %} -{% endif %} +{% set fail2ban_config = fail2ban.config.get('source_path', + 'salt://fail2ban/ng/files/config.jinja') %} file.managed: - name: {{ fail2ban.prefix }}/etc/fail2ban/fail2ban.local @@ -34,11 +31,8 @@ fail2ban.ng.config.fail2ban: fail2ban.ng.config.jails: {% if fail2ban.jails is defined %} -{% if fail2ban.jails.source_path is defined %} -{% set fail2ban_jails = fail2ban.jails.source_path %} -{% else %} -{% set fail2ban_jails = 'salt://fail2ban/ng/files/config.jinja' %} -{% endif %} +{% set fail2ban_jails = fail2ban.jails.get('source_path', + 'salt://fail2ban/ng/files/config.jinja') %} file.managed: - name: {{ fail2ban.prefix }}/etc/fail2ban/jail.local @@ -57,13 +51,10 @@ fail2ban.ng.config.jails: - watch_in: - service: {{ fail2ban.service }} -{% for name, options in fail2ban.actions|dictsort %} +{% for name, options in fail2ban.get('actions', {})|dictsort %} -{% if options.config.source_path is defined %} -{% set fail2ban_actions = options.config.source_path %} -{% else %} -{% set fail2ban_actions = 'salt://fail2ban/ng/files/config.jinja' %} -{% endif %} +{% set fail2ban_actions = options.config.get('source_path', + 'salt://fail2ban/ng/files/config.jinja') %} fail2ban.ng.config.action.{{ name }}: {% if ( 'enabled' in options and options.enabled ) or ('enabled' not in options ) %} 
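Review bot: `fail2ban.config.get(...)` in the first hunk runs whenever `fail2ban.config is defined`, and that test is also true for a pillar key that is present but empty (`config:` with nothing under it loads as null). In that case `.get` is called on a non-mapping and rendering would likely fail, where the removed `source_path is defined` test fell through to the default template. The same applies to `fail2ban.jails.get(...)` in the second hunk. Tightening the guards to `{% if fail2ban.config is mapping %}` and `{% if fail2ban.jails is mapping %}` would cover both the missing and the empty key. The guard lines are context here and both states continue outside the hunks.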
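Review bot: `options.config.get(...)` in the third hunk still assumes every entry carries a `config` mapping, even though the loop itself is now safe when `actions` is absent. The `set` sits above the `enabled` test, so an entry that only sets `enabled: false` would presumably abort rendering of the whole file instead of being skipped. The filters loop in the fourth hunk has the same shape. `{% set fail2ban_actions = options.get('config', {}).get('source_path', 'salt://fail2ban/ng/files/config.jinja') %}` (and likewise for `fail2ban_filters`) keeps the lookup total. Whether the rest of each state also reads `options.config` lies outside the hunks and should be checked, since a failed render leaves the jail, action and filter files unmanaged.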
@@ -86,13 +77,10 @@ fail2ban.ng.config.action.{{ name }}: {% endif %} {% endfor %} -{% for name, options in fail2ban.filters|dictsort %} +{% for name, options in fail2ban.get('filters', {})|dictsort %} -{% if options.config.source_path is defined %} -{% set fail2ban_filters = options.config.source_path %} -{% else %} -{% set fail2ban_filters = 'salt://fail2ban/ng/files/config.jinja' %} -{% endif %} +{% set fail2ban_filters = options.config.get('source_path', + 'salt://fail2ban/ng/files/config.jinja') %} fail2ban.ng.config.filter.{{ name }}: {% if ( 'enabled' in options and options.enabled ) or ('enabled' not in options ) %} diff --git a/fail2ban/ng/files/config.jinja b/fail2ban/ng/files/config.jinja index a4d2cdd..31cbb35 100644 --- a/fail2ban/ng/files/config.jinja +++ b/fail2ban/ng/files/config.jinja @@ -1,21 +1,12 @@ # # This file is managed by salt. Do not edit by hand. # -{% macro print_config(name, value) %} - {%- set name_length = name|length %} - {%- if value is string %} -{{ name }} = {{ value }} - {%- elif value is number %} -{{ name }} = {{ value }} - {%- else %} - {#- Since strings are also sequences, there's no way to explicitly test for lists #} -{{ name }} = {{ value|first }} - {%- if value|length > 1 %} - {%- for item in value[1:] %} -{{ item|indent(width=name_length + 3, indentfirst=True) }} - {%- endfor %} - {%- endif %} - {%- endif %} +{%- macro print_config(name, value) %} +{%- if value is iterable and value is not string %} +{{ name }} = {{ value | join('\n') | indent(name | length + 3) }} +{%- else %} +{{ name }} = {{ value }} +{%- endif %} {%- endmacro %} {%- for section, section_data in config|dictsort %} diff --git a/pillar.example b/pillar.example index 2b38ea5..db9bb88 100644 --- a/pillar.example +++ b/pillar.example 
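Review bot: Only the list branch of the new `print_config` passes through `indent`; the scalar branch emits `{{ value }}` as is. A pillar string containing a newline (for example a YAML block scalar holding a multi-command `actionban`) is therefore written with its continuation lines at column 0, where fail2ban's INI-style parser would read them as new options or reject the file. Rendering the scalar branch as `{{ name }} = {{ value | string | indent(name | length + 3) }}` keeps every value inside its own option. `value is iterable` is also true for mappings, which `join` would render by key. Adding `and value is not mapping`, or a short `{#- ... #}` comment stating that only strings, numbers and lists are expected, would make the contract explicit now that the old explanatory comment is gone.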
@@ -52,29 +52,29 @@ fail2ban: logtarget: /var/log/fail2ban.log # jail.local - jails: + jails: - # FTP-style - source_path: salt://path-to-jail-file + # FTP-style + source_path: salt://path-to-jail-file - # Template-style - DEFAULT: - ignoreip: 127.0.0.1 - bantime: 600 - ssh: - actions: iptables[name=SSH, port=ssh, protocol=tcp] - enabled: 'true' - filter: sshd - logpath: /var/log/auth.log - maxretry: 6 - port: ssh - ssh_ddos: - action: iptables[name=SSH, port=ssh, protocol=tcp] - enabled: 'true' - filter: sshd-ddos - logpath: /var/log/auth.log - maxretry: 6 - port: ssh + # Template-style + DEFAULT: + ignoreip: 127.0.0.1 + bantime: 600 + ssh: + action: iptables[name=SSH, port=ssh, protocol=tcp] + enabled: 'true' + filter: sshd + logpath: /var/log/auth.log + maxretry: 6 + port: ssh + ssh_ddos: + action: iptables[name=SSH, port=ssh, protocol=tcp] + enabled: 'true' + filter: sshd-ddos + logpath: /var/log/auth.log + maxretry: 6 + port: ssh # action.d actions: