diff --git a/pkgs/tools/security/crowdsec/default.nix b/pkgs/tools/security/crowdsec/default.nix
new file mode 100644
index 000000000000..ce76c5d9b450
--- /dev/null
+++ b/pkgs/tools/security/crowdsec/default.nix
@@ -0,0 +1,60 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+  pname = "crowdsec";
+  version = "1.4.2";
+
+  src = fetchFromGitHub {
+    owner = "crowdsecurity";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-hL3+hTOuwcbxiVZeq9oZjfKI1TJJt64g+74NolA3Drc=";
+  };
+
+  vendorHash = "sha256-FPsoufB9UDgBDIE3yUq4doBse3qgjP19ussYnMAxntk=";
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  subPackages = [
+    "cmd/crowdsec"
+    "cmd/crowdsec-cli"
+  ];
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=v${version}"
+    "-X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=1970-01-01_00:00:00"
+  ];
+
+  postBuild = "mv $GOPATH/bin/{crowdsec-cli,cscli}";
+
+  postInstall = ''
+    mkdir -p $out/share/crowdsec
+    cp -r ./config $out/share/crowdsec/
+
+    installShellCompletion --cmd cscli \
+      --bash <($out/bin/cscli completion bash) \
+      --fish <($out/bin/cscli completion fish) \
+      --zsh <($out/bin/cscli completion zsh)
+  '';
+
+  meta = with lib; {
+    homepage = "https://crowdsec.net/";
+    changelog = "https://github.com/crowdsecurity/crowdsec/releases/tag/v${version}";
+    description = "CrowdSec is a free, open-source and collaborative IPS";
+    longDescription = ''
+      CrowdSec is a free, modern & collaborative behavior detection engine,
+      coupled with a global IP reputation network. It stacks on fail2ban's
+      philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok
+      patterns to parse logs and YAML scenario to identify behaviors. CrowdSec
+      is engineered for modern Cloud/Containers/VM based infrastructures (by
+      decoupling detection and remediation). Once detected you can remedy
+      threats with various bouncers (firewall block, nginx http 403, Captchas,
+      etc.) while the aggressive IP can be sent to CrowdSec for curation before
+      being shared among all users to further improve everyone's security.
+    '';
+    license = licenses.mit;
+    maintainers = with maintainers; [ jk urandom ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 86313b938dfa..68b58e86355a 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3681,6 +3681,8 @@ with pkgs;
 
   crossplane = with python3Packages; toPythonApplication crossplane;
 
+  crowdsec = callPackage ../tools/security/crowdsec { };
+
   crunch = callPackage ../tools/security/crunch { };
 
   crudini = callPackage ../tools/misc/crudini { };