diff --git a/apps/dawarich/postgres/initdb/20-grafana-readonly.sh b/apps/dawarich/postgres/initdb/20-grafana-readonly.sh
index 2654090..2298ba5 100644
--- a/apps/dawarich/postgres/initdb/20-grafana-readonly.sh
+++ b/apps/dawarich/postgres/initdb/20-grafana-readonly.sh
@@ -3,33 +3,22 @@ set -eu
 
 GRAFANA_USER="${GRAFANA_DB_USER:-dawarich_grafana_ro}"
 GRAFANA_PASSWORD="$(cat /run/secrets/dawarich_grafana_ro_password)"
+export GRAFANA_USER GRAFANA_PASSWORD
 
-sql_ident() {
-  printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
-}
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
+\set grafana_user `printf %s "$GRAFANA_USER"`
+\set grafana_password `printf %s "$GRAFANA_PASSWORD"`
 
-sql_literal() {
-  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
-}
+SELECT format('CREATE ROLE %I LOGIN PASSWORD %L', :'grafana_user', :'grafana_password')
+WHERE NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = :'grafana_user')
+\gexec
 
-DB_IDENT="$(sql_ident "$POSTGRES_DB")"
-USER_IDENT="$(sql_ident "$GRAFANA_USER")"
-USER_LITERAL="$(sql_literal "$GRAFANA_USER")"
-PASSWORD_LITERAL="$(sql_literal "$GRAFANA_PASSWORD")"
+SELECT format('ALTER ROLE %I WITH LOGIN PASSWORD %L', :'grafana_user', :'grafana_password')
+WHERE EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = :'grafana_user')
+\gexec
 
-psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL
-DO \$\$
-BEGIN
-  IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = ${USER_LITERAL}) THEN
-    EXECUTE 'CREATE ROLE ${USER_IDENT} LOGIN PASSWORD ${PASSWORD_LITERAL}';
-  ELSE
-    EXECUTE 'ALTER ROLE ${USER_IDENT} WITH LOGIN PASSWORD ${PASSWORD_LITERAL}';
-  END IF;
-END
-\$\$;
-
-GRANT CONNECT ON DATABASE ${DB_IDENT} TO ${USER_IDENT};
-GRANT USAGE ON SCHEMA public TO ${USER_IDENT};
-GRANT SELECT ON ALL TABLES IN SCHEMA public TO ${USER_IDENT};
-ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO ${USER_IDENT};
+SELECT format('GRANT CONNECT ON DATABASE %I TO %I', current_database(), :'grafana_user')\gexec
+SELECT format('GRANT USAGE ON SCHEMA public TO %I', :'grafana_user')\gexec
+SELECT format('GRANT SELECT ON ALL TABLES IN SCHEMA public TO %I', :'grafana_user')\gexec
+SELECT format('ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO %I', :'grafana_user')\gexec
 EOSQL