diff --git a/hermes/deploy.yaml b/hermes/deploy.yaml
index 6e8a7c8..8f54895 100644
--- a/hermes/deploy.yaml
+++ b/hermes/deploy.yaml
@@ -4,6 +4,7 @@ metadata:
   name: hermes
   namespace: hermes
 spec:
+
   strategy:
     type: Recreate
   replicas: 1
@@ -15,13 +16,25 @@ spec:
       labels:
         app: hermes
     spec:
+      securityContext:
+        fsGroup: 1000
       volumes:
       - name: data
         hostPath:
           path: /data/hermes
           type: DirectoryOrCreate
+      - name: tools
+        hostPath:
+          path: /data/tools
+          type: DirectoryOrCreate
+      - name: projects
+        hostPath:
+          path: /data/code-server/coder
+          type: DirectoryOrCreate
+      - name: tmp
+        emptyDir: {}
       containers:
-      - name: gateway
+      - name: gateway 
         #image: cr.wetofu.me/nousresearch/hermes-agent:v2026.5.16
         image: image
         ports:
@@ -43,9 +56,21 @@ spec:
         - secretRef:
             name: hermes
             optional: true
+        - configMapRef:
+            name: hermes
         volumeMounts:
         - name: data
           mountPath: /opt/data
+        - name: tools
+          mountPath: /opt/data/home/.local
+          subPath: .local
+        - name: tools
+          mountPath: /opt/data/home/.config
+          subPath: .config
+        - name: projects
+          mountPath: /opt/data/workspace/Projects
+        - name: tmp
+          mountPath: /tmp
         resources:
           requests:
             memory: "1Gi"
@@ -73,13 +98,17 @@ spec:
         - secretRef:
             name: hermes
             optional: true
+        - configMapRef:
+            name: hermes
         volumeMounts:
-          - name: data
-            mountPath: /opt/data
+        - name: data
+          mountPath: /opt/data
+        - name: tmp
+          mountPath: /tmp
         resources:
           requests:
             memory: "256Mi"
             cpu: "100m"
           limits:
             memory: "512Mi"
-            cpu: "500m"
\ No newline at end of file
+            cpu: "500m"
diff --git a/hermes/kustomization.yaml b/hermes/kustomization.yaml
index 4b03ba8..ef17c66 100644
--- a/hermes/kustomization.yaml
+++ b/hermes/kustomization.yaml
@@ -15,5 +15,10 @@ secretGenerator:
   - secrets/TELEGRAM_BOT_TOKEN
   - secrets/DEEPSEEK_API_KEY
   - secrets/API_SERVER_KEY
-  - secrets/GATEWAY_ALLOW_ALL_USERS
-  type: Opaque
\ No newline at end of file
+  type: Opaque
+configMapGenerator:
+- name: hermes
+  files:
+  - config/GATEWAY_ALLOW_ALL_USERS
+  - config/TELEGRAM_OBSERVE_UNMENTIONED_GROUP_MESSAGES
+  - config/TELEGRAM_REQUIRE_MENTION
diff --git a/hermes/secrets/GATEWAY_ALLOW_ALL_USERS b/hermes/secrets/GATEWAY_ALLOW_ALL_USERS
deleted file mode 100644
index f32a580..0000000
--- a/hermes/secrets/GATEWAY_ALLOW_ALL_USERS
+++ /dev/null
@@ -1 +0,0 @@
-true
\ No newline at end of file