diff --git a/requirements.txt b/requirements.txt
index 26b4f75..445b58c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -23,14 +23,14 @@ numpy==1.22.4
 packaging==20.9
 paramiko==2.8.1
 pluggy==0.13.1
-py==1.10.0
+py==1.11.0
 pycparser==2.20
 Pygments==2.14.0
 pyhcl==0.4.4
 PyNaCl==1.4.0
 pyparsing==2.4.7
-pytest==6.2.4
-pytest-testinfra==6.4.0
+pytest==7.2.0
+pytest-testinfra==7.0.0
 python-consul==1.1.0
 PyYAML==5.4.1
 requests==2.28.1
diff --git a/vault/playbook.yml b/vault/playbook.yml
index de13a7a..78e25bc 100644
--- a/vault/playbook.yml
+++ b/vault/playbook.yml
@@ -13,6 +13,8 @@
 - jq
 - net-tools
 - curl
+ - unzip
+ region: "ams3"
 pre_tasks:
 - name: Wait
 ansible.builtin.pause:
@@ -38,10 +40,17 @@
 state: present
 create_home: false
 generate_ssh_key: false
+ - name: Ensure Vault bin dir
+ ansible.builtin.file:
+ path: "{{ vault_bin_dir }}"
+ state: directory
+ mode: 0777
+ owner: root
+ group: root
 - name: Get Vault
 ansible.builtin.unarchive:
 src: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
- dest: "{{ vault_bin_dir }}/vault"
+ dest: "{{ vault_bin_dir }}"
 remote_src: true
 mode: 0777
 owner: root
@@ -61,8 +70,6 @@
 mode: 0660
 owner: vault
 group: vault
- block_start_string: "{%"
- block_end_string: "%}"
 variable_start_string: "[["
 variable_end_string: "]]"
 # validate:
diff --git a/vault/vault-do.pkr.hcl b/vault/vault-do.pkr.hcl
index 6a199c0..a935ac3 100644
--- a/vault/vault-do.pkr.hcl
+++ b/vault/vault-do.pkr.hcl
@@ -65,5 +65,9 @@ build {
 sources = ["source.digitalocean.server"]
 provisioner "ansible" {
 playbook_file = "playbook.yml"
+ extra_arguments = [
+ "--extra-vars",
+ "region=${var.region}"
+ ]
 }
 }
diff --git a/vault/vault.hcl.j2 b/vault/vault.hcl.j2
index 7607bbd..6ff84ea 100644
--- a/vault/vault.hcl.j2
+++ b/vault/vault.hcl.j2
@@ -17,6 +17,7 @@ listener "tcp" {
 tls_disable = true
 }
+{% raw %}
 listener "tcp" {
 address = "{{ GetInterfaceIP \"eth0\" }}:8200"
 tls_disable = true
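Review bot: The new "Ensure Vault bin dir" task in `vault/playbook.yml` (hunk `@@ -38,10 +40,17 @@`) creates `{{ vault_bin_dir }}` with `mode: 0777`, so the directory holding the root-owned Vault binary is writable by every local account, and any of them can replace or shadow the binary the service runs. Use `mode: "0755"` here and on the `unarchive` task below it, whose `mode: 0777` is unchanged context and whose body continues past the end of the hunk. Quoting the mode as a string also stops the result depending on how the YAML parser treats a leading zero. Separately, the release archive is unpacked straight from the URL with no digest comparison; fetching it first with `ansible.builtin.get_url` and its `checksum` parameter would pin the artifact that ends up in the image.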
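Review bot: In `vault/vault-do.pkr.hcl`, `"region=${var.region}"` reaches Ansible in key=value form, which is split on whitespace, so a region value containing a space would be read as further variable assignments at extra-vars precedence. Passing the argument as JSON, `jsonencode({ region = var.region })`, keeps the value a single string; a `validation` block on the variable would also work, though its declaration is outside this hunk. Extra vars also override the `region: "ams3"` that this commit adds to the playbook, so a short comment stating which of the two is the intended source would help the next reader.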
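Review bot: The listener that `vault/vault.hcl.j2` now wraps in `{% raw %}` binds to the `eth0` address with `tls_disable = true`, so Vault tokens and secret payloads cross that interface in cleartext; the `http://` `api_addr` in the following hunk (`@@ -24,6 +25,7 @@`) advertises the same endpoint. If that interface is reachable beyond a trusted private network, set `tls_cert_file` and `tls_key_file` on this listener and change `api_addr` to `https://`. If plaintext is deliberate for now, a comment above the listener such as `# plaintext: private network only, TLS to be added` would record the assumption. The listener block closes outside this hunk.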
@@ -24,6 +25,7 @@ listener "tcp" {
 api_addr = "http://{{ GetInterfaceIP \"eth0\" }}:8200"
 cluster_addr = "http://{{ GetInterfaceIP \"eth0\" }}:8201"
+{% endraw %}
 {% if consul_agent | default (false) %}
 service_registration "consul" {