diff --git a/ops/nixos/lib/vault-agent.nix b/ops/nixos/lib/vault-agent.nix
index 326c4ad913..fb8fa450ac 100644
--- a/ops/nixos/lib/vault-agent.nix
+++ b/ops/nixos/lib/vault-agent.nix
@@ -53,8 +53,8 @@ in
 }];
 cache.use_auto_auth_token = mkDefault true;
- listener.tcp = {
- address = mkDefault "127.0.0.1:8200";
+ listener.unix = {
+ address = mkDefault "/run/vault-agent/sock";
 tls_disable = mkDefault true;
 };
 };
@@ -72,7 +72,7 @@ in
 environment.VAULT_CLIENT_TIMEOUT = "15m";
 serviceConfig = {
 RuntimeDirectory = "vault-agent";
- RuntimeDirectoryMode = "0700";
+ RuntimeDirectoryMode = "0750";
 StateDirectory = "vault-agent";
 StateDirectoryMode = "0700";
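Review bot: The new `listener.unix` block sets only `address`, so the mode and group of `/run/vault-agent/sock` are left to whatever the agent process's umask produces. Because `cache.use_auto_auth_token` defaults to true just above, any process that can connect to the socket has its requests sent with the agent's own token, so file permissions on the socket are now the whole access control. Assuming the agent's unix listener honours the same options as the server's, pin them next to the address, e.g. `socket_mode = mkDefault "0660";` and `socket_group = mkDefault "<client-group>";` (placeholder group name). The enclosing attribute set starts before this hunk.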
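Review bot: Widening `RuntimeDirectoryMode` to `0750` makes the unit's group the gate for reaching the agent socket, but the hunk does not show which `User`/`Group` the service runs as, and nothing records that membership in that group now amounts to use of the agent's Vault token. If the unit runs with the root group, the extra bits give no non-root client access; if it has a dedicated group, say so here, e.g. `# 0750: members of the service group may traverse to the agent socket and thereby use the auto-auth token`. Anything else the agent writes under `/run/vault-agent` also becomes listable by that group, so files there should carry restrictive modes of their own. `serviceConfig` continues past the end of the hunk.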