diff --git a/configs/nixos/plover/modules/default.nix b/configs/nixos/plover/modules/default.nix
index 15046fbb..e85a330d 100644
--- a/configs/nixos/plover/modules/default.nix
+++ b/configs/nixos/plover/modules/default.nix
@@ -30,6 +30,7 @@
     ./services/fail2ban.nix
     ./services/gitea.nix
     ./services/grafana.nix
+    ./services/crowdsec.nix
     ./services/monitoring.nix
     ./services/vouch-proxy.nix
     ./services/vaultwarden.nix
diff --git a/configs/nixos/plover/modules/services/crowdsec.nix b/configs/nixos/plover/modules/services/crowdsec.nix
new file mode 100644
index 00000000..0d34376f
--- /dev/null
+++ b/configs/nixos/plover/modules/services/crowdsec.nix
@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+
+let
+  hostCfg = config.hosts.plover;
+  cfg = hostCfg.services.crowdsec;
+in
+{
+  options.hosts.plover.services.crowdsec.enable =
+    lib.mkEnableOption "Crowdsec service";
+
+  config = lib.mkIf cfg.enable {
+    services.crowdsec = {
+      enable = true;
+      settings = {
+        common = {
+          daemonize = false;
+          log_media = "stdout";
+        };
+      };
+    };
+  };
+}