diff --git a/machines/hippocampus/servers/public/gitea.nix b/machines/hippocampus/servers/public/gitea.nix
index cf2fea9..4918fa4 100644
--- a/machines/hippocampus/servers/public/gitea.nix
+++ b/machines/hippocampus/servers/public/gitea.nix
@@ -36,11 +36,12 @@ in {
   services.postgresql = {
     enable = true;
     port = 5432;
+    ensureDatabases = [
+      "gitea"
+    ];
     ensureUsers = [{
       name = "gitea";
-      ensurePermissions = {
-        "DATABASE \"gitea\"" = "ALL PRIVILEGES";
-      };
+      ensureDBOwnership = true;
       ensureClauses = {
         createdb = true;
       };
diff --git a/machines/hippocampus/servers/public/nextcloud.nix b/machines/hippocampus/servers/public/nextcloud.nix
index 6808528..b2d87c2 100644
--- a/machines/hippocampus/servers/public/nextcloud.nix
+++ b/machines/hippocampus/servers/public/nextcloud.nix
@@ -76,8 +76,8 @@ in {
       # generate video thumbnails with preview generator
       ffmpeg_5-headless
       # required for recognize app
-      nodejs-14_x # runtime and installation requirement
-      nodejs-14_x.pkgs.node-pre-gyp # installation requirement
+      nodejs_20 # runtime and installation requirement
+      nodejs_20.pkgs.node-pre-gyp # installation requirement
       util-linux # runtime requirement for taskset
     ];
   };
@@ -103,9 +103,7 @@ in {
     ];
     ensureUsers = [{
       name = "nextcloud";
-      ensurePermissions = {
-        "DATABASE \"nextcloud\"" = "ALL PRIVILEGES";
-      };
+      ensureDBOwnership = true;
       ensureClauses = {
         createdb = true;
       };
diff --git a/machines/hippocampus/servers/public/nextcloud/onlyoffice.nix b/machines/hippocampus/servers/public/nextcloud/onlyoffice.nix
index 4bd573c..78ca85e 100644
--- a/machines/hippocampus/servers/public/nextcloud/onlyoffice.nix
+++ b/machines/hippocampus/servers/public/nextcloud/onlyoffice.nix
@@ -42,9 +42,7 @@
     ];
     ensureUsers = [{
       name = "onlyoffice";
-      ensurePermissions = {
-        "DATABASE \"onlyoffice\"" = "ALL PRIVILEGES";
-      };
+      ensureDBOwnership = true;
     }];
   };
 }
diff --git a/machines/hippocampus/servers/public/vaultwarden.nix b/machines/hippocampus/servers/public/vaultwarden.nix
index 4cc887b..cff76ff 100644
--- a/machines/hippocampus/servers/public/vaultwarden.nix
+++ b/machines/hippocampus/servers/public/vaultwarden.nix
@@ -22,9 +22,7 @@
     ];
     ensureUsers = [{
       name = "vaultwarden";
-      ensurePermissions = {
-        "DATABASE \"vaultwarden\"" = "ALL PRIVILEGES";
-      };
+      ensureDBOwnership = true;
     }];
   };
   services.caddy.virtualHosts = {