diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e19284b..16475c9f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,9 @@ after improving the test harness as part of adopting [#1460](https://github.com/
 ### BREAKING
 - Code reorganisation, a lot of code has moved, please review the following PRs accordingly [#1473](https://github.com/juanfont/headscale/pull/1473)
+- Change the structure of database configuration, see [config-example.yaml](./config-example.yaml) for the new structure. [#1700](https://github.com/juanfont/headscale/pull/1700)
+ - Old structure has been remove and the configuration _must_ be converted.
+ - Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
 - API: Machine is now Node [#1553](https://github.com/juanfont/headscale/pull/1553)
 - Remove support for older Tailscale clients [#1611](https://github.com/juanfont/headscale/pull/1611)
 - The latest supported client is 1.38
@@ -46,9 +49,6 @@ after improving the test harness as part of adopting [#1460](https://github.com/
 - Fix [TS-2023-006](https://tailscale.com/security-bulletins/#ts-2023-006) security UPnP issue [#1563](https://github.com/juanfont/headscale/pull/1563)
 - Turn off gRPC logging [#1640](https://github.com/juanfont/headscale/pull/1640) fixes [#1259](https://github.com/juanfont/headscale/issues/1259)
 - Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. [#1565](https://github.com/juanfont/headscale/pull/1565)
-- Change the structure of database configuration, see [config-example.yaml](./config-example.yaml) for the new structure. [#1700](https://github.com/juanfont/headscale/pull/1700)
- - Old structure is now considered deprecated and will be removed in the future.
- - Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
 - Add support for deleting api keys [#1702](https://github.com/juanfont/headscale/pull/1702)
 ## 0.22.3 (2023-05-12)
diff --git a/cmd/headscale/headscale_test.go b/cmd/headscale/headscale_test.go
index d73d30b5..c27fa20a 100644
--- a/cmd/headscale/headscale_test.go
+++ b/cmd/headscale/headscale_test.go
@@ -58,8 +58,6 @@ func (*Suite) TestConfigFileLoading(c *check.C) {
 c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
 c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
 c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
- c.Assert(viper.GetString("db_type"), check.Equals, "sqlite")
- c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite")
 c.Assert(viper.GetString("database.type"), check.Equals, "sqlite")
 c.Assert(viper.GetString("database.sqlite.path"), check.Equals, "/var/lib/headscale/db.sqlite")
 c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
@@ -103,8 +101,8 @@ func (*Suite) TestConfigLoading(c *check.C) {
 c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
 c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
 c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
- c.Assert(viper.GetString("db_type"), check.Equals, "sqlite")
- c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite")
+ c.Assert(viper.GetString("database.type"), check.Equals, "sqlite")
+ c.Assert(viper.GetString("database.sqlite.path"), check.Equals, "/var/lib/headscale/db.sqlite")
 c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
 c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
 c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
diff --git a/config-example.yaml b/config-example.yaml
index d41771f9..80c2af1f 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -158,7 +158,7 @@ database:
 # conn_max_idle_time_secs: 3600
 # # If other 'sslmode' is required instead of 'require(true)' and 'disabled(false)', set the 'sslmode' you need
- # # in the 'db_ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
+ # # in the 'ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
 # ssl: false
 ### TLS configuration
diff --git a/docs/running-headscale-container.md b/docs/running-headscale-container.md
index c2663581..74fca474 100644
--- a/docs/running-headscale-container.md
+++ b/docs/running-headscale-container.md
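Review bot: TestConfigLoading has no assertion covering a configuration that still carries the legacy `db_type`/`db_path` keys, which this commit stops aliasing in LoadConfig (the `viper.RegisterAlias` removals in hscontrol/types/config.go). Whether LoadConfig rejects such a file is not visible in this diff; if it does not, an instance upgraded without converting its config would presumably start with whatever `database.*` defaults apply instead of the database the operator configured. A cheap guard next to the new assertions is `c.Assert(viper.IsSet("db_type"), check.Equals, false)`, and a separate test that loads a file containing `db_type` and asserts the documented outcome (an error, or at least a warning) would pin the breaking change. The test function's body starts and continues outside the hunk.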
@@ -62,8 +62,8 @@ private_key_path: /etc/headscale/private.key
 noise:
 private_key_path: /etc/headscale/noise_private.key
 # The default /var/lib/headscale path is not writable in the container
-db_type: sqlite3
-db_path: /etc/headscale/db.sqlite
+database.type: sqlite3
+database.sqlite.path: /etc/headscale/db.sqlite
 ```
 4. Start the headscale server while working in the host headscale directory:
diff --git a/hscontrol/app.go b/hscontrol/app.go
index 78b72bf5..bb7253b5 100644
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@@ -57,7 +57,6 @@ import (
 var (
 errSTUNAddressNotSet = errors.New("STUN address not set")
- errUnsupportedDatabase = errors.New("unsupported DB")
 errUnsupportedLetsEncryptChallengeType = errors.New(
 "unknown value for Lets Encrypt challenge type",
 )
@@ -79,9 +78,6 @@ const (
 type Headscale struct {
 cfg *types.Config
 db *db.HSDatabase
- dbString string
- dbType string
- dbDebug bool
 noisePrivateKey *key.MachinePrivate
 DERPMap *tailcfg.DERPMap
diff --git a/hscontrol/types/config.go b/hscontrol/types/config.go
index a82218e6..77732e83 100644
--- a/hscontrol/types/config.go
+++ b/hscontrol/types/config.go
@@ -180,19 +180,6 @@ func LoadConfig(path string, isFile bool) error {
 viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
 viper.AutomaticEnv()
- viper.RegisterAlias("db_type", "database.type")
-
- // SQLite aliases
- viper.RegisterAlias("db_path", "database.sqlite.path")
-
- // Postgres aliases
- viper.RegisterAlias("db_host", "database.postgres.host")
- viper.RegisterAlias("db_port", "database.postgres.port")
- viper.RegisterAlias("db_name", "database.postgres.name")
- viper.RegisterAlias("db_user", "database.postgres.user")
- viper.RegisterAlias("db_pass", "database.postgres.pass")
- viper.RegisterAlias("db_ssl", "database.postgres.ssl")
-
 viper.SetDefault("tls_letsencrypt_cache_dir", "/var/www/.cache")
 viper.SetDefault("tls_letsencrypt_challenge_type", HTTP01ChallengeType)
@@ -215,7 +202,6 @@ func LoadConfig(path string, isFile bool) error {
 viper.SetDefault("cli.timeout", "5s")
 viper.SetDefault("cli.insecure", false)
- viper.SetDefault("db_ssl", false)
 viper.SetDefault("database.postgres.ssl", false)
 viper.SetDefault("database.postgres.max_open_conns", 10)
 viper.SetDefault("database.postgres.max_idle_conns", 10)
diff --git a/integration/hsic/config.go b/integration/hsic/config.go
index 819b108f..f7d8b9f8 100644
--- a/integration/hsic/config.go
+++ b/integration/hsic/config.go
@@ -67,8 +67,9 @@ func DefaultConfigYAML() string {
 log:
 level: trace
 acl_policy_path: ""
-db_type: sqlite3
-db_path: /tmp/integration_test_db.sqlite3
+database:
+ type: sqlite3
+ sqlite.path: /tmp/integration_test_db.sqlite3
 ephemeral_node_inactivity_timeout: 30m
 node_update_check_interval: 10s
 ip_prefixes:
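Review bot: The added `sqlite.path:` line under `database:` in DefaultConfigYAML mixes a nested mapping with a dotted flat key, so the integration suite exercises a different shape from the nested structure that config-example.yaml appears to use and that the CHANGELOG points users to. It resolves only as long as viper's delimiter-based lookup accepts a literal key containing a dot, which is an implementation detail rather than the documented format. Writing it as `sqlite:` followed by an indented `path: /tmp/integration_test_db.sqlite3` would test the layout operators are told to adopt. The docs/running-headscale-container.md hunk uses the same flat form (`database.type: sqlite3`, `database.sqlite.path: /etc/headscale/db.sqlite`) and would benefit from the same change. The string literal starts and continues outside the hunk.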