diff --git a/agenix/hosts/argon/config.nix b/agenix/hosts/argon/config.nix
index 2d28c68..fced707 100644
--- a/agenix/hosts/argon/config.nix
+++ b/agenix/hosts/argon/config.nix
@@ -10,14 +10,15 @@
       group = "acme";
     };
 
-    cfdyndns-api-token = {
-      file = ./cfdyndns/apiToken.age;
-    };
-
     tailscale-authkey = {
       file = ./tailscale/authkey.age;
     };
 
+    controld-config = {
+      file = ./controld/config.age;
+      path = "/var/lib/controld/ctrld.toml";
+    };
+
     adguardhome-sync-environment = {
       file = ./adguardhome-sync/environment.age;
     };
diff --git a/agenix/hosts/argon/controld/config.age b/agenix/hosts/argon/controld/config.age
new file mode 100644
index 0000000..c0e27b4
Binary files /dev/null and b/agenix/hosts/argon/controld/config.age differ
diff --git a/agenix/hosts/mediaserver/config.nix b/agenix/hosts/mediaserver/config.nix
index 6714fdf..0279fdf 100644
--- a/agenix/hosts/mediaserver/config.nix
+++ b/agenix/hosts/mediaserver/config.nix
@@ -22,6 +22,11 @@
       file = ./wireguard/config.age;
     };
 
+    controld-config = {
+      file = ./controld/config.age;
+      path = "/var/lib/controld/ctrld.toml";
+    };
+
     tubearchivist-environment-ta = {
       file = ./tubearchivist/environmentTA.age;
     };
diff --git a/agenix/hosts/mediaserver/controld/config.age b/agenix/hosts/mediaserver/controld/config.age
new file mode 100644
index 0000000..c37af7c
Binary files /dev/null and b/agenix/hosts/mediaserver/controld/config.age differ
diff --git a/agenix/hosts/neon/controld/config.age b/agenix/hosts/neon/controld/config.age
index 92c814b..383af2e 100644
Binary files a/agenix/hosts/neon/controld/config.age and b/agenix/hosts/neon/controld/config.age differ
diff --git a/agenix/hosts/tanker/weewx/config.age b/agenix/hosts/tanker/weewx/config.age
index 601b4f6..9b4117a 100644
Binary files a/agenix/hosts/tanker/weewx/config.age and b/agenix/hosts/tanker/weewx/config.age differ
diff --git a/secrets.nix b/secrets.nix
index fda8f1e..a8976c6 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -77,6 +77,8 @@ in
 
   "agenix/hosts/mediaserver/wireguard/config.age".publicKeys = mediaserver;
 
+  "agenix/hosts/mediaserver/controld/config.age".publicKeys = mediaserver;
+
   "agenix/hosts/mediaserver/tubearchivist/environmentTA.age".publicKeys = mediaserver;
 
   "agenix/hosts/mediaserver/tubearchivist/environmentES.age".publicKeys = mediaserver;
@@ -94,6 +96,8 @@ in
 
   "agenix/hosts/argon/cfdyndns/apiToken.age".publicKeys = argon;
 
+  "agenix/hosts/argon/controld/config.age".publicKeys = argon;
+
   "agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
 
   "agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
diff --git a/system/hosts/argon.nix b/system/hosts/argon.nix
index 0f964f3..bcddabb 100644
--- a/system/hosts/argon.nix
+++ b/system/hosts/argon.nix
@@ -19,13 +19,12 @@ in
     ../nixos/nginx.nix
     ../nixos/nginx-argon.nix
 
-    (import ../nixos/adguardhome.nix (args // { inherit secret; }))
-    #(import ../nixos/cfdyndns.nix (args // { inherit secret; }))
-
     ../nixos/attic.nix
 
     ../nixos/chrony.nix
 
+    (import ../nixos/controld.nix (args // { podmanDNS = false; }))
+
     (import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
 
     ../nixos/tailscale-router.nix
@@ -38,7 +37,6 @@ in
     ../nixos/weewx-proxy.nix
 
     ../nixos/container.nix
-    ../nixos/adguardhome-sync.nix
     ../nixos/homebridge.nix
   ];
 
diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix
index e99d9df..60c13fa 100644
--- a/system/hosts/mediaserver.nix
+++ b/system/hosts/mediaserver.nix
@@ -19,10 +19,10 @@ in
     ../nixos/nginx-mediaserver.nix
     ../nixos/postgresql.nix
 
-    (import ../nixos/adguardhome.nix (args // { inherit secret; }))
-
     ../nixos/attic.nix
 
+    (import ../nixos/controld.nix (args // { podmanDNS = true; }))
+
     ../nixos/ddg.nix
 
     ../nixos/tailscale-router.nix
diff --git a/system/nixos/controld.nix b/system/nixos/controld.nix
index aeb2f85..4537e0f 100644
--- a/system/nixos/controld.nix
+++ b/system/nixos/controld.nix
@@ -7,7 +7,7 @@
       startLimitIntervalSec = 5;
       startLimitBurst = 10;
       serviceConfig = {
-        ExecStart = "${pkgs.controld}/bin/ctrld run -vvvv";
+        ExecStart = "${pkgs.controld}/bin/ctrld run";
         WorkingDirectory = "/var/lib/controld";
         RestartSec = 120;
         LimitMEMLOCK = "infinity";