diff --git a/roles/matrix/tasks/synapse.yml b/roles/matrix/tasks/synapse.yml
index f4a663d..f198516 100644
--- a/roles/matrix/tasks/synapse.yml
+++ b/roles/matrix/tasks/synapse.yml
@@ -60,6 +60,7 @@
     - listeners
     - url_preview
     - captcha
+    - turn
 
 - name: Create Matrix Synapse log config
   template:
diff --git a/roles/matrix/templates/synapse/config/other.yaml b/roles/matrix/templates/synapse/config/other.yaml
index 5da1f47..07ef4a1 100644
--- a/roles/matrix/templates/synapse/config/other.yaml
+++ b/roles/matrix/templates/synapse/config/other.yaml
@@ -613,35 +613,6 @@ media_store_path: '{{ matrix__synapse__media_dir }}'
 #    method: scale
 
 
-## TURN ##
-
-# The public URIs of the TURN server to give to clients
-#
-#turn_uris: []
-
-# The shared secret used to compute passwords for the TURN server
-#
-#turn_shared_secret: "YOUR_SHARED_SECRET"
-
-# The Username and password if the TURN server needs them and
-# does not use a token
-#
-#turn_username: "TURNSERVER_USERNAME"
-#turn_password: "TURNSERVER_PASSWORD"
-
-# How long generated TURN credentials last
-#
-#turn_user_lifetime: 1h
-
-# Whether guests should be allowed to use the TURN server.
-# This defaults to True, otherwise VoIP will be unreliable for guests.
-# However, it does introduce a slight security risk as it allows users to
-# connect to arbitrary endpoints without having first signed up for a
-# valid account (e.g. by passing a CAPTCHA).
-#
-#turn_allow_guests: true
-
-
 ## Registration ##
 #
 # Registration can be rate-limited using the parameters in the "Ratelimiting"
diff --git a/roles/matrix/templates/synapse/config/turn.yaml b/roles/matrix/templates/synapse/config/turn.yaml
new file mode 100644
index 0000000..868e7cd
--- /dev/null
+++ b/roles/matrix/templates/synapse/config/turn.yaml
@@ -0,0 +1,27 @@
+## TURN ##
+
+# The public URIs of the TURN server to give to clients
+#
+#turn_uris: []
+
+# The shared secret used to compute passwords for the TURN server
+#
+#turn_shared_secret: "YOUR_SHARED_SECRET"
+
+# The Username and password if the TURN server needs them and
+# does not use a token
+#
+#turn_username: "TURNSERVER_USERNAME"
+#turn_password: "TURNSERVER_PASSWORD"
+
+# How long generated TURN credentials last
+#
+#turn_user_lifetime: 1h
+
+# Whether guests should be allowed to use the TURN server.
+# This defaults to True, otherwise VoIP will be unreliable for guests.
+# However, it does introduce a slight security risk as it allows users to
+# connect to arbitrary endpoints without having first signed up for a
+# valid account (e.g. by passing a CAPTCHA).
+#
+#turn_allow_guests: true