diff --git a/README.md b/README.md
index c4aeb70..1c42499 100644
--- a/README.md
+++ b/README.md
@@ -20,9 +20,11 @@ No modules.
 |------|------|
 | [gitlab_branch_protection.protected_branches](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/branch_protection) | resource |
 | [gitlab_project.project](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/project) | resource |
+| [gitlab_project_approval_rule.this](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/project_approval_rule) | resource |
 | [gitlab_project_custom_attribute.custom_attributes](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/project_custom_attribute) | resource |
 | [gitlab_project_environment.environments](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/project_environment) | resource |
 | [gitlab_project_job_token_scopes.ci_token_scope](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/project_job_token_scopes) | resource |
+| [gitlab_project_level_mr_approvals.settings](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/project_level_mr_approvals) | resource |
 | [gitlab_project_push_rules.push_rule](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/project_push_rules) | resource |
 | [gitlab_project_variable.scoped_variables](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/project_variable) | resource |
 | [gitlab_project_variable.variable](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/project_variable) | resource |
@@ -38,11 +40,12 @@ No modules.
 | [allow\_merge\_on\_skipped\_pipeline](#input\_allow\_merge\_on\_skipped\_pipeline) | Set to true if you want to treat skipped pipelines as if they finished with success. | `bool` | `true` | no |
 | [allowed\_avatar\_types\_json](#input\_allowed\_avatar\_types\_json) | Path to allowed avatar types json | `string` | `""` | no |
 | [allowed\_project\_types\_json](#input\_allowed\_project\_types\_json) | Path to allowed project types json | `string` | `""` | no |
+| [approval\_settings](#input\_approval\_settings) | Ustawienia zasad approvals na poziomie merge requestów. |
object({
disable_overriding_approvers_per_merge_request = optional(bool, true)
merge_requests_author_approval = optional(bool, false)
merge_requests_disable_committers_approval = optional(bool, true)
reset_approvals_on_push = optional(bool, true)
required_password_to_approve = optional(bool, false)
selective_code_owner_removals = optional(bool, false)
})
| `{}` | no |
+| [approvals](#input\_approvals) | Mapa reguł approval dla projektu. Klucz = nazwa reguły. |
map(object({
approvals_required = number
users = optional(list(number), [])
groups = optional(list(number), [])
applies_to_all_protected_branches = optional(bool, true)
protected_branch_ids = optional(list(number), null)
rule_type = optional(string, "regular") # np. regular | any_approver
report_type = optional(string, null) # np. coverage | scan_finding | license_scanning
disable_importing_default_any_approver_rule_on_create = optional(bool, false)
}))
| `{}` | no |
 | [archived](#input\_archived) | Archived project | `bool` | `false` | no |
 | [attributes](#input\_attributes) | custom attributes to be set for the project | `map(string)` | `{}` | no |
 | [auto\_cancel\_pending\_pipelines](#input\_auto\_cancel\_pending\_pipelines) | Auto-cancel pending pipelines. This isn’t a boolean, but enabled/disabled. | `string` | `"enabled"` | no |
 | [avatar](#input\_avatar) | Type of the avatar for the group (default: from type) | `string` | `""` | no |
-| [avatars\_dir](#input\_avatars\_dir) | Avatars directory png files | `string` | `""` | no |
 | [build\_git\_strategy](#input\_build\_git\_strategy) | The Git strategy. Defaults to fetch. | `string` | `"clone"` | no |
 | [build\_timeout](#input\_build\_timeout) | The maximum amount of time, in seconds, that a job can run. | `number` | `3600` | no |
 | [ci\_config\_path](#input\_ci\_config\_path) | CI PATH | `string` | `null` | no |
diff --git a/data/allowed_project_types.json b/data/defaults.json
similarity index 100%
rename from data/allowed_project_types.json
rename to data/defaults.json
diff --git a/locals.tf b/locals.tf
index 4b8363f..a0ce84f 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,18 +1,16 @@ locals { - avatars_dir = var.avatars_dir == "" ? "${path.root}/images" : var.avatars_dir + avatars_dir = "${path.root}/images" allowed_avatar_types_json = var.allowed_avatar_types_json == "" ? "${path.root}/data/allowed_avatar_project_types.json" : var.allowed_avatar_types_json allowed_avatar_types = jsondecode(file("${local.allowed_avatar_types_json}")) - allowed_project_types_json = var.allowed_avatar_types_json == "" ? "${path.root}/data/allowed_project_types.json" : var.allowed_project_types_json - allowed_project_types = jsondecode(try(file("${local.allowed_project_types_json}"), null) == null ? file("${path.module}/data/allowed_project_types.json") : file(local.allowed_project_types_json)) + allowed_project_types_json = var.allowed_avatar_types_json == "" ? "${path.root}/data/defaults.json" : var.allowed_project_types_json + allowed_project_types = jsondecode(try(file("${local.allowed_project_types_json}"), null) == null ? file("${path.module}/data/defaults.json") : file(local.allowed_project_types_json)) # Define the allowed project types as a map - avatar_project = local.allowed_project_types[var.project_type].avatar == "" ? null : "${local.avatars_dir}/${local.allowed_project_types[var.project_type].avatar}.png" - avatar_path = var.avatar == "" ? local.avatar_project : "${local.avatars_dir}/${var.avatar}.png" - avatar = try(file("${local.avatar_path}"), null) == null ? "${local.avatar_path}" : null - - + avatar_project = local.allowed_project_types[var.project_type].avatar == "" ? null : "${local.avatars_dir}/${local.allowed_project_types[var.project_type].avatar}.png" + avatar_path = var.avatar == "" ? local.avatar_project : "${local.avatars_dir}/${var.avatar}.png" + avatar = try(file("${local.avatar_path}"), null) == null ? "${local.avatar_path}" : null token_scope_group_ids = [for g in values(data.gitlab_group.token_scope_groups) : g.id] token_scope_project_ids = [for p in values(data.gitlab_project.token_scope_projects) : p.id] 
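Review bot: The new `allowed_project_types_json` line still keys its fallback on `var.allowed_avatar_types_json`, so a caller who sets `allowed_project_types_json` without also setting the avatar path never gets their file used; the rename to `defaults.json` carried the old copy-paste condition along. The line should read `allowed_project_types_json = var.allowed_project_types_json == "" ? "${path.root}/data/defaults.json" : var.allowed_project_types_json`. The re-added `avatar` local also looks inverted: it resolves to `local.avatar_path` only when `file()` on that path fails and to `null` when the file is readable, which I would expect to be the other way round unless a consumer outside this hunk depends on it. The `locals` block continues past the end of the hunk.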
@@ -34,24 +32,6 @@ locals {
 value = var.project_type
 protected = "false"
 masked = "false"
- },
- IS_ENABLED_CHECKMARX = {
- description = "Enabled CheckMarx scan"
- value = var.is_enabled_checkmarx == true ? "true" : "false"
- protected = "false"
- masked = "false"
- },
- IS_ENABLED_SONARQUBE = {
- description = "Enabled SonarQube scan"
- value = var.is_enabled_sonarqube == true ? "true" : "false"
- protected = "false"
- masked = "false"
- },
- SIB_APLIKACJA = {
- description = "[UPW] ID Aplikacji zasobów SIB"
- value = var.sib_aplikacja
- protected = "false"
- masked = "false"
 }
 },
 var.ci_variables
diff --git a/main.tf b/main.tf
index 4172bf8..99a8c51 100644
--- a/main.tf
+++ b/main.tf
@@ -96,3 +96,34 @@ resource "gitlab_project_job_token_scopes" "ci_token_scope" {
 target_group_ids = local.token_scope_group_ids
 target_project_ids = local.token_scope_project_ids
 }
+
+# Reguły approvals per projekt
+resource "gitlab_project_approval_rule" "this" {
+ for_each = var.approvals
+
+ project = gitlab_project.project.id
+ name = each.key
+
+ approvals_required = each.value.approvals_required
+ user_ids = try(each.value.users, [])
+ group_ids = try(each.value.groups, [])
+
+ applies_to_all_protected_branches = try(each.value.applies_to_all_protected_branches, true)
+ protected_branch_ids = try(each.value.protected_branch_ids, null)
+
+ rule_type = try(each.value.rule_type, "regular")
+ report_type = try(each.value.report_type, null)
+
+ disable_importing_default_any_approver_rule_on_create = try(each.value.disable_importing_default_any_approver_rule_on_create, false)
+}
+
+# Globalne ustawienia approvals dla MR-ów w projekcie
+resource "gitlab_project_level_mr_approvals" "settings" {
+ project = gitlab_project.project.id
+
+ disable_overriding_approvers_per_merge_request = try(var.approval_settings.disable_overriding_approvers_per_merge_request, true)
+ merge_requests_author_approval = try(var.approval_settings.merge_requests_author_approval, false)
+ merge_requests_disable_committers_approval = try(var.approval_settings.merge_requests_disable_committers_approval, true)
+ reset_approvals_on_push = try(var.approval_settings.reset_approvals_on_push, true)
+ selective_code_owner_removals = try(var.approval_settings.selective_code_owner_removals, false)
+}
diff --git a/variable.tf b/variable.tf
index 6a7e26c..2bfa0d9 100644
--- a/variable.tf
+++ b/variable.tf
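Review bot: `gitlab_project_level_mr_approvals.settings` never passes `required_password_to_approve`, although `var.approval_settings` declares that field in the variable.tf hunk, so a caller enabling it gets a silent no-op; the provider attribute is, as far as I recall, spelled `require_password_to_approve` — confirm against the 18.0.0 docs and either add `require_password_to_approve = var.approval_settings.required_password_to_approve` or drop the field from the object type. Relatedly, the `try(..., default)` wrappers on every attribute of both new resources are redundant, because the object types already supply those defaults through `optional()`, and they hide exactly this kind of mistake: a misspelled attribute path inside `try()` evaluates to the fallback instead of failing the plan. I would reference the attributes directly, e.g. `user_ids = each.value.users` and `reset_approvals_on_push = var.approval_settings.reset_approvals_on_push`, so that a typo in an approval setting is caught at plan time rather than quietly weakening the policy that is applied.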
@@ -182,12 +182,6 @@ variable "attributes" { description = "custom attributes to be set for the project" } -variable "avatars_dir" { - description = "Avatars directory png files" - type = string - default = "" -} - variable "only_allow_merge_if_pipeline_succeeds" { description = "Set to true if you want allow merges only if a pipeline succeeds." type = bool
@@ -234,4 +228,34 @@ variable "token_scope_repositories" {
 description = "CI_JOB_TOKEN repositories allowlist"
 type = list(string)
 default = []
-}
\ No newline at end of file
+}
+
+# Zbiór reguł approvals (project-level)
+variable "approvals" {
+ description = "Mapa reguł approval dla projektu. Klucz = nazwa reguły."
+ type = map(object({
+ approvals_required = number
+ users = optional(list(number), [])
+ groups = optional(list(number), [])
+ applies_to_all_protected_branches = optional(bool, true)
+ protected_branch_ids = optional(list(number), null)
+ rule_type = optional(string, "regular") # np. regular | any_approver
+ report_type = optional(string, null) # np. coverage | scan_finding | license_scanning
+ disable_importing_default_any_approver_rule_on_create = optional(bool, false)
+ }))
+ default = {}
+}
+
+# Ustawienia zachowania approvals (MR-level settings)
+variable "approval_settings" {
+ description = "Ustawienia zasad approvals na poziomie merge requestów."
+ type = object({
+ disable_overriding_approvers_per_merge_request = optional(bool, true)
+ merge_requests_author_approval = optional(bool, false)
+ merge_requests_disable_committers_approval = optional(bool, true)
+ reset_approvals_on_push = optional(bool, true)
+ required_password_to_approve = optional(bool, false)
+ selective_code_owner_removals = optional(bool, false)
+ })
+ default = {}
+}
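Review bot: `required_password_to_approve` in `approval_settings` is declared but nothing in the module reads it (the main.tf hunk wires the other five fields only), so it should either be wired through or removed; if wired, note that the upstream attribute is named `require_password_to_approve`, so the field name would change too. Neither new variable carries a `validation` block: `approvals_required` accepts 0 or a negative number, which creates a rule that enforces nothing, and `rule_type`/`report_type` accept any string although the inline comments already name the intended values (`regular | any_approver`, `coverage | scan_finding | license_scanning`); a `validation` block with `condition = alltrue([for r in var.approvals : r.approvals_required >= 1])` and one restricting `rule_type` to the listed values would reject such input at plan time instead of at apply. The new descriptions and comments are in Polish while the rest of this file is in English (`"CI_JOB_TOKEN repositories allowlist"` just above), and terraform-docs copies them verbatim into the README, so an English wording such as `"Project-level merge request approval rules, keyed by rule name."` would keep the generated documentation consistent.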