diff --git a/modules/nixos/tools/telegraf/default.nix b/modules/nixos/tools/telegraf/default.nix
index 5d361b5..f51ce4d 100644
--- a/modules/nixos/tools/telegraf/default.nix
+++ b/modules/nixos/tools/telegraf/default.nix
@@ -3,11 +3,6 @@ let
   cfg = config.syscfg.monitoring.telegraf;
   hasCollector = name: builtins.elem name cfg.collectors;
   influxCfg = cfg.outputs.influxdb_v3;
-  telegrafEnvFiles =
-    lib.optional (influxCfg.secretName != null) "/run/secrets/${influxCfg.secretName}";
-  dockerGroups =
-    lib.optionals (cfg.enable && hasCollector "docker" && config.virtualisation.podman.enable) [ "podman" ]
-    ++ lib.optionals (cfg.enable && hasCollector "docker" && config.virtualisation.docker.enable) [ "docker" ];
   baseConfig = {
     agent = {
       interval = "10s";
@@ -102,7 +97,7 @@ in {
   config = lib.mkIf cfg.enable {
     services.telegraf = {
       enable = true;
-      environmentFiles = telegrafEnvFiles;
+      environmentFiles = [ config.sops.secrets.telegraf.path ];
       extraConfig = lib.mkMerge [
         baseConfig
         inputsConfig
@@ -111,11 +106,11 @@ in {
       ];
     };
 
-    users.users.telegraf.extraGroups = dockerGroups;
+    users.users.telegraf.extraGroups = ["docker" "podman"];
 
     systemd.services.telegraf = {
       path = lib.optionals (hasCollector "smart") [ pkgs.smartmontools ];
-      serviceConfig.SupplementaryGroups = dockerGroups;
+      serviceConfig.SupplementaryGroups =  = ["docker" "podman"];
     };
 
     security.sudo.extraRules = lib.optionals (hasCollector "smart") [{
diff --git a/systems/sandbox/cfg.nix b/systems/sandbox/cfg.nix
index 0165837..301fe18 100644
--- a/systems/sandbox/cfg.nix
+++ b/systems/sandbox/cfg.nix
@@ -109,9 +109,6 @@
         database = "main";
         secretName = "INFLUX";
       };
-      tags = {
-        role = "sandbox";
-      };
     };
   };
 }