diff --git a/docker-compose.yml b/docker-compose.yml
index f196aa91..5b61fbf4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,7 +15,11 @@ services:
     #  - OAUTH_GOOGLE_ALLOWED_DOMAIN=example.com
 
     image: ghcr.io/wg-easy/wg-easy:15
+    build:
+      context: .
+      dockerfile: Dockerfile
     container_name: wg-easy
+    platform: linux/amd64
     networks:
       wg:
         ipv4_address: 10.42.42.42
diff --git a/src/server/database/repositories/user/service.ts b/src/server/database/repositories/user/service.ts
index 3e80cbee..22f74e46 100644
--- a/src/server/database/repositories/user/service.ts
+++ b/src/server/database/repositories/user/service.ts
@@ -113,7 +113,6 @@ export class UserService {
     }
 
     // Create new user with Google account
-    const userCount = await this.#db.$count(user);
     const randomPassword = crypto.randomUUID();
     const hash = await hashPassword(randomPassword);
 
@@ -122,7 +121,7 @@ export class UserService {
       password: hash,
       email,
       name,
-      role: userCount === 0 ? roles.ADMIN : roles.CLIENT,
+      role: roles.ADMIN,
       totpVerified: false,
       enabled: true,
       googleId,
diff --git a/src/server/database/sqlite.ts b/src/server/database/sqlite.ts
index 203f3423..279990f9 100644
--- a/src/server/database/sqlite.ts
+++ b/src/server/database/sqlite.ts
@@ -81,6 +81,10 @@ async function ensureGoogleIdColumn() {
   } catch {
     // Column already exists — expected after successful migration
   }
+  // Ensure all Google OAuth users have ADMIN role
+  await client.execute(
+    "UPDATE users_table SET role = 1 WHERE google_id IS NOT NULL AND role != 1"
+  );
 }
 
 async function initialSetup(db: DBServiceType) {