diff --git a/roles/matrix-server/templates/synapse/homeserver.yaml.j2 b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
index f91c8694..8d3b9be2 100644
--- a/roles/matrix-server/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-server/templates/synapse/homeserver.yaml.j2
@@ -120,7 +120,8 @@ use_presence: {{ matrix_synapse_use_presence|to_json }}
 #  - nyc.example.com
 #  - syd.example.com
 {% if matrix_synapse_federation_domain_whitelist is not none %}
-federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }}
+federation_domain_whitelist:
+{{ matrix_synapse_federation_domain_whitelist|to_nice_yaml }}
 {% endif %}
 
 # List of ports that Synapse should listen on, their purpose and their
@@ -215,8 +216,8 @@ database:
   # The database engine name
   name: "psycopg2"
   args:
-    user: "{{ matrix_postgres_connection_username }}"
-    password: "{{ matrix_postgres_connection_password }}"
+    user: {{ matrix_postgres_connection_username|to_json }}
+    password: {{ matrix_postgres_connection_password|to_json }}
     database: "{{ matrix_postgres_db_name }}"
     host: "{{ matrix_postgres_connection_hostname }}"
     cp_min: 5
@@ -411,7 +412,7 @@ recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
 turn_uris: ["turn:{{ hostname_matrix }}:3478?transport=udp", "turn:{{ hostname_matrix }}:3478?transport=tcp"]
 
 # The shared secret used to compute passwords for the TURN server
-turn_shared_secret: "{{ matrix_coturn_turn_static_auth_secret }}"
+turn_shared_secret: {{ matrix_coturn_turn_static_auth_secret|to_json }}
 
 # The Username and password if the TURN server needs them and
 # does not use a token
@@ -432,7 +433,7 @@ turn_allow_guests: False
 ## Registration ##
 
 # Enable registration for new users.
-enable_registration: {{ matrix_synapse_enable_registration }}
+enable_registration: {{ matrix_synapse_enable_registration|to_json }}
 
 # The user must provide all of the below types of 3PID when registering.
 #
@@ -453,7 +454,7 @@ enable_registration: {{ matrix_synapse_enable_registration }}
 
 # If set, allows registration by anyone who also has the shared
 # secret, even if registration is otherwise disabled.
-registration_shared_secret: "{{ matrix_synapse_registration_shared_secret }}"
+registration_shared_secret: {{ matrix_synapse_registration_shared_secret|to_json }}
 
 # Set the number of bcrypt rounds used to generate password hash.
 # Larger numbers increase the work factor needed to generate the hash.
@@ -496,7 +497,7 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms }}
 
 # Enable collection and rendering of performance metrics
 enable_metrics: False
-report_stats: {{ matrix_synapse_report_stats }}
+report_stats: {{ matrix_synapse_report_stats|to_json }}
 
 
 ## API Configuration ##
@@ -513,14 +514,14 @@ room_invite_state_types:
 app_service_config_files: {{ matrix_synapse_app_service_config_files }}
 
 
-macaroon_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"
+macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|to_json }}
 
 # Used to enable access token expiration.
 expire_access_token: False
 
 # a secret which is used to calculate HMACs for form values, to stop
 # falsification of values
-form_secret: "{{ matrix_synapse_form_secret }}"
+form_secret: {{ matrix_synapse_form_secret|to_json }}
 
 ## Signing Keys ##
 
@@ -587,7 +588,7 @@ password_config:
    enabled: true
    # Uncomment and change to a secret random string for extra security.
    # DO NOT CHANGE THIS AFTER INITIAL SETUP!
-   pepper: "{{ matrix_synapse_password_config_pepper }}"
+   pepper: {{ matrix_synapse_password_config_pepper|to_json }}
 
 
 
@@ -633,12 +634,12 @@ password_providers:
 {% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %}
   - module: "shared_secret_authenticator.SharedSecretAuthenticator"
     config:
-      sharedSecret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
+      sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|to_json }}
 {% endif %}
 {% if matrix_synapse_ext_password_provider_rest_auth_enabled %}
   - module: "rest_auth_provider.RestAuthProvider"
     config:
-      endpoint: "{{ matrix_synapse_ext_password_provider_rest_auth_endpoint }}"
+      endpoint: {{ matrix_synapse_ext_password_provider_rest_auth_endpoint|to_json }}
       policy:
         registration:
           username:
@@ -653,16 +654,16 @@ password_providers:
   - module: "ldap_auth_provider.LdapAuthProvider"
     config:
       enabled: true
-      uri: "{{ matrix_synapse_ext_password_provider_ldap_uri }}"
-      start_tls: "{{ matrix_synapse_ext_password_provider_ldap_start_tls }}"
-      base: "{{ matrix_synapse_ext_password_provider_ldap_base }}"
+      uri: {{ matrix_synapse_ext_password_provider_ldap_uri|to_json }}
+      start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }}
+      base: {{ matrix_synapse_ext_password_provider_ldap_base|to_json }}
       attributes:
-        uid: "{{ matrix_synapse_ext_password_provider_ldap_attributes_uid }}"
-        mail: "{{ matrix_synapse_ext_password_provider_ldap_attributes_mail }}"
-        name: "{{ matrix_synapse_ext_password_provider_ldap_attributes_name }}"
-      bind_dn: "{{ matrix_synapse_ext_password_provider_ldap_bind_dn }}"
-      bind_password: "{{ matrix_synapse_ext_password_provider_ldap_bind_password }}"
-      filter: "{{ matrix_synapse_ext_password_provider_ldap_filter }}"
+        uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|to_json }}
+        mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|to_json }}
+        name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|to_json }}
+      bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|to_json }}
+      bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|to_json }}
+      filter: {{ matrix_synapse_ext_password_provider_ldap_filter|to_json }}
 {% endif %}
 {% endif %}