diff --git a/clusters/noble/apps/trivy/values.yaml b/clusters/noble/apps/trivy/values.yaml
index 32c4a32..581b7ba 100644
--- a/clusters/noble/apps/trivy/values.yaml
+++ b/clusters/noble/apps/trivy/values.yaml
@@ -1,5 +1,5 @@
 # Trivy Operator — in-cluster image vulnerability + config reports (Aqua trivy-operator Helm chart).
-# **Talos:** **nodeCollector** uses **emptyDir** for systemd paths (see **nodeCollector** below); default host mounts fail on RO **/etc**.
+# **Talos:** **nodeCollector** omits **/etc/systemd** and **/lib/systemd** mounts (RO **/etc** in the image → mkdir fails for any mount there). See trivy-operator#1326.
 # Deploy via Argo CD: **noble-trivy-operator** (`clusters/noble/bootstrap/argocd/app-of-apps/trivy-operator-application.yaml`).
 #
 # Web UI (separate chart; OAuth via Traefik ForwardAuth → oauth2-proxy / Authentik): sync **noble-trivy-dashboard**
@@ -29,9 +29,8 @@ trivyOperator:
   scanJobTolerations:
     - operator: Exists
 
-# Talos: default node-collector **hostPath** mounts for **/etc/systemd** and **/lib/systemd** hit a read-only
-# rootfs → `failed to mkdir "/etc/systemd": read-only file system`. Use **emptyDir** for those two paths only
-# (cluster compliance / node checks see no host unit files there — expected on Talos). See trivy-operator#1326.
+# Talos: exclude **etc-systemd** / **lib-systemd** mounts entirely — mounting under **/etc** still triggers
+# `mkdir /etc/systemd: read-only file system` (container **/etc** is RO). Upstream: override volumes/mounts (#1326).
 nodeCollector:
   tolerations:
     - operator: Exists
@@ -48,10 +47,6 @@ nodeCollector:
       - name: var-lib-kube-controller-manager
         mountPath: /var/lib/kube-controller-manager
         readOnly: true
-      - name: etc-systemd
-        mountPath: /etc/systemd
-      - name: lib-systemd
-        mountPath: /lib/systemd/
       - name: etc-kubernetes
         mountPath: /etc/kubernetes
         readOnly: true
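Review bot: The rewritten Talos comment in the `@@ -29,9 +29,8 @@` hunk drops the old caveat that cluster compliance / node checks find no host unit files under the removed paths, so whoever reads the later hunks that delete the `etc-systemd` and `lib-systemd` entries from `volumeMounts` and `volumes` no longer learns what that does to report results. I would keep that effect stated next to the new rationale, e.g. `# Effect: node/compliance checks that read systemd unit files under those paths see them as absent — expected on Talos, not a regression.`. Since these `nodeCollector` lists appear to replace the chart's default mounts wholesale (the hunks edit a full hand-maintained list rather than a patch), it is also worth a line such as `# NOTE: these lists override the chart defaults entirely — re-diff against the chart's nodeCollector volumes on each chart bump.` so a future chart version that adds a required mount is not silently dropped. The enclosing `nodeCollector` mapping starts and ends outside each of these hunks.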
@@ -71,10 +66,6 @@ nodeCollector:
     - name: var-lib-kube-controller-manager
       hostPath:
         path: /var/lib/kube-controller-manager
-    - name: etc-systemd
-      emptyDir: {}
-    - name: lib-systemd
-      emptyDir: {}
     - name: etc-kubernetes
       hostPath:
         path: /etc/kubernetes