diff --git a/kubernetes/gabernetes/apps/esphome/app/helmrelease.yaml b/kubernetes/gabernetes/apps/esphome/app/helmrelease.yaml
index 25ea68893..51a3f556b 100644
--- a/kubernetes/gabernetes/apps/esphome/app/helmrelease.yaml
+++ b/kubernetes/gabernetes/apps/esphome/app/helmrelease.yaml
@@ -32,6 +32,8 @@ spec:
         runAsNonRoot: true
         runAsUser: 65534
         runAsGroup: 65534
+        fsGroup: 65534
+        fsGroupChangePolicy: OnRootMismatch
         seccompProfile: { type: RuntimeDefault }
 
     controllers:
@@ -45,7 +47,14 @@ spec:
             env:
               TZ: America/Chicago
               ESPHOME_DASHBOARD_USE_PING: true
-              PLATFORMIO_CORE_DIR: .tmp/platformio
+              # From https://github.com/ptr727/ESPHome-NonRoot
+              PLATFORMIO_CORE_DIR: /cache/pio
+              # ESPHome "build_path" option, default is "/config/.esphome/build/[project]"
+              ESPHOME_BUILD_PATH: /cache/build
+              # ESPHome "data_dir" option, default is "/config/.esphome"
+              ESPHOME_DATA_DIR: /cache/data
+              # Set pip cache directory, default is "~/.cache/pip"
+              PIP_CACHE_DIR: /cache/pip
             probes:
               startup:
                 enabled: true
@@ -81,8 +90,8 @@ spec:
               - --disable-telemetry
               - --disable-update-check
               - --auth=none
-              - --user-data-dir=/config/.vscode
-              - --extensions-dir=/config/.vscode
+              - --user-data-dir=/cache
+              - --extensions-dir=/cache
               - /config
             resources:
               limits:
@@ -116,9 +125,28 @@ spec:
         accessMode: ReadWriteMany
         size: 8Gi
         retain: true
-      nonexistent:
+      cache:
+        enabled: true
+        storageClass: longhorn-ssd
+        accessMode: ReadWriteOnce
+        size: 8Gi
+        advancedMounts:
+          esphome:
+            app:
+              - path: /cache
+                subPath: esphome
+          code:
+            app:
+              - path: /cache
+                subPath: code
+      tmp:
         enabled: true
         type: emptyDir
+        globalMounts:
+          - path: /nonexistent
+            subPath: home
+          - path: /tmp
+            subPath: tmp
 
     ingress:
       esphome:
diff --git a/kubernetes/gabernetes/apps/esphome/borgmatic/helmrelease.yaml b/kubernetes/gabernetes/apps/esphome/borgmatic/helmrelease.yaml
index 9aa0085c9..9b3321fdc 100644
--- a/kubernetes/gabernetes/apps/esphome/borgmatic/helmrelease.yaml
+++ b/kubernetes/gabernetes/apps/esphome/borgmatic/helmrelease.yaml
@@ -73,10 +73,6 @@ spec:
                 label: borgbase
             source_directories:
               - /esphome-config
-            exclude_patterns:
-              - /esphome-config/.esphome
-              - /esphome-config/.tmp
-              - /esphome-config/build
             archive_name_format: "esphome-{now:%Y-%m-%d-%H%M%S}"
             ssh_command: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR
             retries: 2