diff --git a/nix/gilgamesh/configuration.nix b/nix/gilgamesh/configuration.nix index 897ba8b..dc34982 100644 --- a/nix/gilgamesh/configuration.nix +++ b/nix/gilgamesh/configuration.nix @@ -1,9 +1,16 @@ { config, pkgs, lib, ... }: -{ +let + agenix = builtins.fetchTarball { + url = "https://github.com/ryantm/agenix/archive/daf42cb35b2dc614d1551e37f96406e4c4a2d3e4.tar.gz"; + sha256 = "0gbn01hi8dh7s9rc66yawnmixcasadf20zci4ijzpd143ph492ad"; + }; +in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ./spigot.nix + "${agenix}/modules/age.nix" + ../modules/spigot-server.nix + ../modules/ionos-dyndns.nix ]; # Use the GRUB 2 boot loader. @@ -77,13 +84,38 @@ nssmdns = true; }; - services.spigot = { + services.spigot-server = { enable = true; + user = "spigot"; + }; + + # Secrets management + age.secrets = { + ionos-prefix = { + file = ../secrets/ionos-prefix.age; + owner = "ionos-dyndns"; + group = "ionos-dyndns"; + }; + ionos-secret = { + file = ../secrets/ionos-secret.age; + owner = "ionos-dyndns"; + group = "ionos-dyndns"; + }; }; # DynDNS stuff. IONOS has a (proprietary?) API for this, # so we're using a Python script from the interwebs :shrug: - # TODO: Config using agenix + services.ionos-dyndns = { + enable = true; + # Must match the user owning the secrets below. See agenix config + # above for more details. + user = "ionos-dyndns"; + apiPrefixPath = config.age.secrets.ionos-prefix.path; + apiSecretPath = config.age.secrets.ionos-secret.path; + aaaa = true; + fqdn = "blocks.beany.club"; + interface = "enp0s25"; + }; # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 25565 ]; diff --git a/nix/gilgamesh/spigot.nix b/nix/modules/spigot-server.nix similarity index 90% rename from nix/gilgamesh/spigot.nix rename to nix/modules/spigot-server.nix index 8ba8eca..1dbf914 100644 --- a/nix/gilgamesh/spigot.nix +++ b/nix/modules/spigot-server.nix 
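Review bot: Importing `"${agenix}/modules/age.nix"` in the first hunk makes secret decryption at activation depend on an identity key, and nothing here records which one. As far as I know agenix falls back to the host's OpenSSH host keys by default. If sshd is not enabled on gilgamesh (not visible in this diff) or the host key is regenerated, the two `.age` files would stop decrypting. I would add a comment next to the import such as `# agenix decrypts with this host's SSH host key; it must be a recipient of ../secrets/*.age`. Pinning the tarball by commit and `sha256` is the right approach; a short comment recording when the pin was taken would make later bumps deliberate.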
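Review bot: In the second hunk, the comment inside `services.ionos-dyndns` points at "the secrets below", but `age.secrets` sits above it, and the account name `"ionos-dyndns"` is repeated as a string literal five times. If one copy drifts, the service can no longer read the decrypted files, since agenix (by default, as far as I know) makes them readable only by their owner. Deriving the value from the service option removes that risk: use `owner = config.services.ionos-dyndns.user;` and `group = config.services.ionos-dyndns.user;` in both secrets, and reword the comment to `# Must match the owner of the age secrets above.` This assumes `../modules/ionos-dyndns.nix` creates the user and a group of the same name, which is not visible in this diff.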
@@ -3,12 +3,11 @@ with lib; let ionos-dyndns = pkgs.callPackage ../packages/ionos-dyndns.nix {}; spigot-server = pkgs.callPackage ../packages/spigot-server.nix {}; - cfg = config.services.spigot; - name = "spigot"; + cfg = config.services.spigot-server; StateDirectory = "spigot-server"; in { options = { - services.spigot = { + services.spigot-server = { enable = mkOption { type = types.bool; default = false; @@ -19,9 +18,9 @@ in { user = mkOption { type = types.str; - default = name; + default = "spigot-server"; description = '' - The user account and group that Spigot runs as. + The user account and group that Spigot runs as. ''; }; }; @@ -29,14 +28,14 @@ in { config = mkIf cfg.enable { users.users = { - ${name} = { + ${cfg.user} = { isSystemUser = true; - group = name; + group = cfg.user; description = "Spigot Minecraft server user"; }; }; users.groups = { - ${name} = { + ${cfg.user} = { }; };
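Review bot: In the `-29,14` hunk, `users.users.${cfg.user}` and `users.groups.${cfg.user}` are now declared for whatever string the option holds. Setting `services.spigot-server.user` to an account defined elsewhere would therefore merge `isSystemUser`, `group` and `description` into that account instead of just running as it. The option description in the `-19,9` hunk should say so, for example `The system user and same-named group that this module creates and runs Spigot as.` That hunk also moves the default from `"spigot"` to `"spigot-server"`, so a host relying on the old default would get a new account while existing state presumably stays owned by the old one; gilgamesh avoids this by setting `user = "spigot"` explicitly. The `config = mkIf cfg.enable` block continues past the end of this hunk.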