diff --git a/kyra/services/crowdsec.nix b/kyra/services/crowdsec.nix
new file mode 100644
index 0000000..5a35464
--- /dev/null
+++ b/kyra/services/crowdsec.nix
@@ -0,0 +1,51 @@
+_: {
+  services = {
+    crowdsec = {
+      enable = true;
+      settings = {
+        hub = {
+          collections = [
+            "crowdsecurity/linux"
+            "crowdsecurity/traefik"
+            "crowdsecurity/http-dos"
+            "crowdsecurity/cloudflare"
+          ];
+        };
+
+        acquisitions = [
+          {
+            source = "journalctl";
+
+            journalctl_filter = [
+              "_SYSTEMD_UNIT=traefik.service"
+            ];
+
+            labels = {
+              type = "traefik";
+            };
+          }
+
+          {
+            source = "journalctl";
+
+            journalctl_filter = [
+              "_SYSTEMD_UNIT=sshd.service"
+            ];
+
+            labels = {
+              type = "syslog";
+            };
+          }
+        ];
+      };
+    };
+
+    crowdsec-firewall-bouncer = {
+      enable = true;
+
+      settings = {
+        mode = "firewalld";
+      };
+    };
+  };
+}