WireGuard peer IP handling #496

@fa1rid

Hi team, quick note about WireGuard peer IP handling:

Problem:
wireguard.peer_ips are stored inside the generic proxy_settings JSON. That requires scanning/parsing proxy_settings for every user when allocating/validating peer IPs (unless Postgres JSONB extraction is used), which is inefficient and not indexable. This will slow allocations and increase CPU/memory and network load as user counts grow, especially on MySQL/SQLite or when proxy_settings is json (not jsonb).

Impact:
Allocation/validation becomes O(number_of_users + number_of_peer_ips) with full JSON transfer/parse on some DBs; it prevents efficient DB-side indexing and makes large-bulk user creation or frequent allocations potentially costly.

Recommendation:
Normalize WireGuard peer IPs into a dedicated table (e.g. wireguard_peers with columns id, user_id FK, peer_ip CIDR) and add appropriate indexes and a uniqueness constraint. Migrate existing peer_ips into that table and change allocation/validation to query this table (very cheap and indexable). Alternatively, ensure proxy_settings is jsonb and keep a small indexable summary column, but normalization is preferable for correctness and scale.

Question:
Is the current logic/schema for WireGuard (storing peer_ips in proxy_settings and the allocation approach) considered final?
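
The normalization recommended in the issue above, sketched as an added example (not part of the original issue and not the project's code): a `wireguard_peers` table with a uniqueness constraint, a one-time migration out of `proxy_settings`, and allocation that queries only that table. SQLite stands in for the real database; the JSON layout, the `10.8.0.0/29` pool, the index name and the function names are assumptions.

```python
import ipaddress
import json
import sqlite3

# Constructed sample rows; the {"wireguard": {"peer_ips": [...]}} layout is assumed.
SAMPLE_USERS = [
    (1, json.dumps({"wireguard": {"peer_ips": ["10.8.0.2/32"]}})),
    (2, json.dumps({"wireguard": {"peer_ips": ["10.8.0.3/32", "10.8.0.5/32"]}})),
    (3, json.dumps({})),  # user without WireGuard settings
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        PRAGMA foreign_keys = ON;
        CREATE TABLE users (id INTEGER PRIMARY KEY, proxy_settings TEXT NOT NULL);
        CREATE TABLE wireguard_peers (
            id INTEGER PRIMARY KEY,
            user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
            peer_ip TEXT NOT NULL UNIQUE  -- the database rejects duplicates
        );
        CREATE INDEX ix_wireguard_peers_user_id ON wireguard_peers(user_id);
    """)
    db.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    db.commit()
    return db

def migrate(db):
    """One-time pass: copy peer_ips out of proxy_settings into wireguard_peers."""
    for user_id, raw in db.execute("SELECT id, proxy_settings FROM users").fetchall():
        for ip in json.loads(raw).get("wireguard", {}).get("peer_ips", []):
            peer = str(ipaddress.ip_network(ip))  # canonical CIDR; rejects host bits
            db.execute("INSERT INTO wireguard_peers (user_id, peer_ip) VALUES (?, ?)", (user_id, peer))
    db.commit()

def allocate(db, user_id, pool="10.8.0.0/29"):
    """Assign the first free /32 of the (hypothetical) pool to user_id."""
    taken = {row[0] for row in db.execute("SELECT peer_ip FROM wireguard_peers")}
    for host in ipaddress.ip_network(pool).hosts():
        peer = f"{host}/32"
        if peer in taken:
            continue
        try:
            db.execute("INSERT INTO wireguard_peers (user_id, peer_ip) VALUES (?, ?)", (user_id, peer))
            db.commit()
            return peer
        except sqlite3.IntegrityError:
            continue  # a concurrent writer claimed it first; try the next address
    raise RuntimeError("address pool exhausted")
```

After `migrate`, allocation never parses `proxy_settings`, and an address that is already assigned is refused by the database itself rather than by application-side scanning.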

Labels: enhancement (New feature or request)