diff --git a/modules/server/database/default.nix b/modules/server/database/default.nix
index 70f0e98..b0dcdf9 100644
--- a/modules/server/database/default.nix
+++ b/modules/server/database/default.nix
@@ -26,6 +26,9 @@ in {
     systemd.services.postgresql.postStart = lib.mkAfter ''
       PSQL="${pkgs.postgresql}/bin/psql"
       ${lib.concatMapStringsSep "\n" (name: ''
+        $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = '${name}_user'" | grep -q 1 || \
+        $PSQL -tAc "CREATE ROLE ${name}_user WITH LOGIN;"
+
         $PSQL -tAc "ALTER DATABASE ${name}_db OWNER TO ${name}_user;"
         
         if [ -f "${config.sops.secrets."${name}_pass".path}" ]; then