From 586f98bc9fac5951ab0e25f77a9dbeb90d464930 Mon Sep 17 00:00:00 2001
From: uumas <gitcommit@uumas.fi>
Date: Sun, 14 Sep 2025 03:05:06 +0300
Subject: [PATCH] synapse: Use federation port 8448

---
 roles/synapse/tasks/main.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/roles/synapse/tasks/main.yaml b/roles/synapse/tasks/main.yaml
index f072e7d..bdd5cff 100644
--- a/roles/synapse/tasks/main.yaml
+++ b/roles/synapse/tasks/main.yaml
@@ -72,3 +72,21 @@
     matrix_authentication_service_upstream_oauth2_scope: "{{ synapse_oidc_provider_scopes | join(' ') }}"
     matrix_authentication_service_upstream_oauth2_claims_imports: "{{ synapse_oidc_provider_mas_claims_imports }}"
     matrix_authentication_service_upstream_oauth2_human_name: "{{ synapse_oidc_provider_name }}"
+
+- name: Reverse proxy synapse federation
+  ansible.builtin.import_role:
+    name: uumas.general.vhost
+  vars:
+    vhost_type: reverse_proxy
+    vhost_id: synapse-federation
+    vhost_domains:
+      - "{{ synapse_external_domain }}:8448"
+    vhost_proxy_target_netproto: unix
+    vhost_proxy_target_socket: "/run/synapse-socat.sock"
+
+- name: Open port for synapse federation
+  ansible.posix.firewalld:
+    service: matrix
+    state: enabled
+    permanent: true
+    immediate: true