diff --git a/.gitignore b/.gitignore
index f50ea04..069d357 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 traefik/dynamic.yml
 traefik/static.yml
 crowdsec/acquis.yaml
+traefik/acquis.yaml
diff --git a/traefik/stack.yml b/traefik/stack.yml
index e7fc72f..0d06ecd 100644
--- a/traefik/stack.yml
+++ b/traefik/stack.yml
@@ -28,7 +28,43 @@ services:
       replicas: 1
       placement:
         constraints:
-          - node.labels.task == control
+          - node.labels.task == control
+
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest
+    environment:
+      # Disable online API enrollment (use for local setup)
+      - DISABLE_ONLINE_API=false
+      # Set collections to install
+      - COLLECTIONS=crowdsecurity/traefik crowdsecurity/http-cve
+      # Enable Prometheus metrics
+      - METRICS_PORT=6060
+    volumes:
+      # Persistent CrowdSec configuration and data
+      - /home/doc/projects/swarm-data/crowdsec/config:/etc/crowdsec
+      - /home/doc/projects/swarm-data/crowdsec/data:/var/lib/crowdsec/data
+      # Traefik access logs (read-only)
+      - /home/doc/projects/swarm-data/traefik/logs:/var/log/traefik:ro
+      # Acquis configuration
+      - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
+    networks:
+      - frostlabs
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints:
+          - node.labels.task == control
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 3
+      healthcheck:
+        test: [ "CMD", "cscli", "version" ]
+        interval: 30s
+        timeout: 10s
+        retries: 3
+        start_period: 60s
 
 networks:
   frostlabs:
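Review bot: The comment above `DISABLE_ONLINE_API` says online API enrollment is disabled for a local setup, but the value `DISABLE_ONLINE_API=false` reads as the opposite, so as written the agent would still enroll with and push signals to CrowdSec's central API; either set `DISABLE_ONLINE_API=true` to match the comment, or reword it to `# Online API enrollment enabled (shares alert signals with CrowdSec's central API)` if that is intended. `image: crowdsecurity/crowdsec:latest` is an unpinned tag on a security-enforcing component, so a redeploy can silently pull a different parser/scenario runtime; pin it as `crowdsecurity/crowdsec:<version>@sha256:<digest>` like a supply-chain-conscious stack would. The `./acquis.yaml` bind mount is the only relative path among the volumes and the same commit adds that file to `.gitignore`, so if it is missing on the `control` node Docker will typically create an empty directory at the mount source and the agent comes up with no acquisition source; an absolute path consistent with the other mounts plus a comment naming where the file is provisioned from would make this fail loudly instead. The healthcheck `cscli version` only proves the binary runs, not that the local API is serving; `["CMD", "cscli", "lapi", "status"]` would catch an unready LAPI, and together with `max_attempts: 3` a repeatedly crashing agent currently stays down without any signal, which fails open for whatever bouncer relies on it. The `services:` mapping and the preceding service's `deploy` block start before this hunk.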