diff --git a/services/telegraf.nix b/services/telegraf.nix
index 7cd3320e..4d35a188 100644
--- a/services/telegraf.nix
+++ b/services/telegraf.nix
@@ -9,9 +9,15 @@
 
   users.users.telegraf = {
     extraGroups = [ "wheel" ];
-    isNormalUser = true;
+    isSystemUser = true;
   };
 
+  # Allow the telegraf account to invoke sudo without a password
+  security.sudo.extraConfig = ''
+    telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
+    Defaults!FAIL2BAN !logfile, !syslog, !pam_session
+  '';
+
   # Install the package
   environment.systemPackages = with pkgs; [
     lm_sensors