diff --git a/services/crowdsec-firewall-bouncer.nix b/services/crowdsec-firewall-bouncer.nix
new file mode 100644
index 0000000..091f1d2
--- /dev/null
+++ b/services/crowdsec-firewall-bouncer.nix
@@ -0,0 +1,30 @@
+# Module: services/crowdsec-firewall-bouncer
+# Enrolls a traefik bouncer with the crowdsec console
+{
+ config,
+ lib,
+ pkgs,
+ pkgsUnstable,
+ inputs,
+ ...
+}:
+
+with lib;
+
+let
+ cfg = config.crowdsec-firewall-bouncer;
+ lapiHost = "log-01.tail755c5.ts.net:8080";
+in
+{
+ #imports = [ "${pkgsUnstable.path}/nixos/modules/services/security/crowdsec.nix" ];
+
+ options.crowdsec-firewall-bouncer = {
+ enable = mkEnableOption "Enables traefik bouncer for a specified crowdsec instance";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgsUnstable; [
+ crowdsec-firewall-bouncer
+ ];
+ };
+}
diff --git a/services/crowdsec-traefik-bouncer.nix b/services/crowdsec-traefik-bouncer.nix
index 0bbeb83..f06a7e0 100644
--- a/services/crowdsec-traefik-bouncer.nix
+++ b/services/crowdsec-traefik-bouncer.nix
@@ -13,9 +13,6 @@ with lib;
 let
 cfg = config.crowdsec-traefik-bouncer;
- crowdsecListenAddress = "0.0.0.0";
- crowdsecPort = "8080";
- crowdsecPrometheusPort = "6060";
 pluginVersion = "v1.4.5";
 lapiHost = "log-01.tail755c5.ts.net:8080";
 wafHost = "log-01.tail755c5.ts.net:7422";
diff --git a/services/services.nix b/services/services.nix
index 22516e4..58cc999 100644
--- a/services/services.nix
+++ b/services/services.nix
@@ -11,6 +11,7 @@
 {
 imports = [
 ./crowdsec.nix
+ ./crowdsec-firewall-bouncer.nix
 ./crowdsec-traefik-bouncer.nix
 ./docker.nix
 ./healthchecks.nix
@@ -22,6 +23,7 @@
 ];
 crowdsec.enable = lib.mkDefault false;
+ crowdsec-firewall-bouncer.enable = lib.mkDefault false;
 crowdsec-traefik-bouncer.enable = lib.mkDefault false;
 docker.enable = lib.mkDefault false;
 healthchecks.enable = lib.mkDefault false;
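Review bot: In the new services/crowdsec-firewall-bouncer.nix, setting `crowdsec-firewall-bouncer.enable` only adds the package to `environment.systemPackages`; the hunk declares no systemd unit, bouncer configuration or LAPI credential, and `lapiHost` is bound in the `let` but never referenced, so as written the option installs a binary without enforcing any CrowdSec decision on the host. An operator who turns the flag on could reasonably assume blocking is active, so until the service is wired up I would make that explicit in the option text, e.g. `enable = mkEnableOption "the CrowdSec firewall bouncer (package install only; no service is configured yet)";` (`mkEnableOption` already prepends "Whether to enable", so the current "Enables ..." wording also reads doubled). The header comment and the description both still say "traefik bouncer" and should name the firewall bouncer instead, e.g. `# Installs the CrowdSec firewall bouncer package for a remote LAPI`. When the bouncer configuration is added later, the LAPI key should be loaded from a runtime secrets file rather than interpolated into the module, since anything written into the Nix store is world-readable.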