diff --git a/nixos/modules/services/misc/taskserver.nix b/nixos/modules/services/misc/taskserver.nix
index 00cde305efa5..992c13401e50 100644
--- a/nixos/modules/services/misc/taskserver.nix
+++ b/nixos/modules/services/misc/taskserver.nix
@@ -719,8 +719,24 @@ in {
 
       environment.TASKDDATA = cfg.dataDir;
 
+      preStart = ''
+        ${concatStrings (mapAttrsToList (orgName: attrs: ''
+          ${ctlcmd} add-org ${mkShellStr orgName}
+
+          ${concatMapStrings (user: ''
+            echo Creating ${user} >&2
+            ${ctlcmd} add-user ${mkShellStr orgName} ${mkShellStr user}
+          '') attrs.users}
+
+          ${concatMapStrings (group: ''
+            ${ctlcmd} add-group ${mkShellStr orgName} ${mkShellStr user}
+          '') attrs.groups}
+        '') cfg.organisations)}
+      '';
+
       serviceConfig = {
         ExecStart = "@${taskd} taskd server";
+        PermissionsStartOnly = true;
         User = cfg.user;
         Group = cfg.group;
       };