diff --git a/secrets.nix b/secrets.nix
index 172437c..c7a9245 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -22,6 +22,7 @@ in {
 "services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [tbarnouin onlyoffice];
 "services/forgejo/secrets/forgejoDBPass.age".publicKeys = [tbarnouin forgejo];
+ "secrets/forgejo-lapi-key.age".publicKeys = [tbarnouin forgejo];
 "services/postgresql/secrets/nextcloudDBPass.age".publicKeys = [tbarnouin postgresql];
 "services/postgresql/secrets/giteaDBPass.age".publicKeys = [tbarnouin postgresql];
diff --git a/secrets/forgejo-lapi-key.age b/secrets/forgejo-lapi-key.age
new file mode 100644
index 0000000..e9507ea
--- /dev/null
+++ b/secrets/forgejo-lapi-key.age
@@ -0,0 +1,13 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB4VGtJ
+UkVTZEFxYWoySEhYSE5wV1dRSnRvQU1PTE1zZEphQ0p6bDRobDBnCmFJWENjQWRV
+REt2Vk10MGpyQVdPa2ZkYVFCRjE0QzRBbzBYeHBuNFMzV3cKLT4gc3NoLWVkMjU1
+MTkgeHFteWpBIFFoSWRzbFREcVVqZmRiOVc4dmh5K1JHSTdVZ1preUZqYmltNS9H
+RVFCU00KVm9kc280Um92Zm5CelNma0tocldUM3dVWnpNNHlyMUtrOWNab1gvL2RY
+VQotPiBUP11DVVAyQS1ncmVhc2UgeSBnTWw0NiA8eyQzYmogKTR2YWZECjl0eUVj
+R0xaUU9JVVM3YmdJanIyY0lGdkJQLzJ3MjlpSzFkVnMrNjgKLS0tIDgxR0VPcURB
+QVdvNmExWmhiME84WGJvMWRvdkk3WXE2QU5KWDlMUEppeTgKMXBkE7U4ukLRVPd6
+kPY/317m8T6++gCVZLdUm7waz/7/XvTY2ZBLD4As8/N2WEUwTRhpzRsFLlq8nQed
+kSRfawqJzoRvlDdDoTYZdkeFTtq41IjnNecvcOXQu+L6e7hlN8m7L/IIZds3mfkK
+QUM6FoDNCNiYx2ZaOtLaYjCmsiSN83euLidycYqN+vb3W06GiNIWCQTHFR0=
+-----END AGE ENCRYPTED FILE-----
diff --git a/services/forgejo/default.nix b/services/forgejo/default.nix
index 44539d4..dc4187c 100644
--- a/services/forgejo/default.nix
+++ b/services/forgejo/default.nix
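Review bot: The new secret is declared at the repository-level path `secrets/forgejo-lapi-key.age`, while every neighbouring entry in this hunk lives under `services/<service>/secrets/`, and the consumer in services/forgejo/default.nix then has to reach it with `../../secrets/`. Placing it next to the other Forgejo secret, `"services/forgejo/secrets/forgejo-lapi-key.age".publicKeys = [tbarnouin forgejo];`, keeps the host-key scope visible from the path and lets the module reference it as `./secrets/forgejo-lapi-key.age` like forgejoDBPass. The recipient list matches forgejoDBPass, which is consistent with the file being decrypted on the Forgejo host for the local crowdsec agent. The hunk header announces one more line than is shown here, so the tail of this hunk appears truncated in the page.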
@@ -14,24 +14,49 @@ in {
 };
 };
 config = lib.mkIf cfg.enable {
- age.secrets.forgejoDBPass.file = ./secrets/forgejoDBPass.age;
- services.forgejo = {
- enable = true;
- package = pkgs.forgejo;
- user = "tbarnouin";
- settings = {
- server.HTTP_PORT = 3000;
- server.DISABLE_SSH = true;
- server.ROOT_URL = "https://git.le43.eu";
- service.DISABLE_REGISTRATION = true;
+ age.secrets = {
+ forgejo-lapi-key = {
+ file = ../../secrets/forgejo-lapi-key.age;
+ owner = "crowdsec";
 };
- database = {
- createDatabase = false;
- type = "postgres";
- host = "${cfg.pgsql_ip}";
- name = "gitea";
- user = "gitea";
- passwordFile = config.age.secrets.forgejoDBPass.path;
+ forgejoDBPass.file = ./secrets/forgejoDBPass.age;
+ };
+ services = {
+ crowdsec = {
+ hub.collections = [
+ "LePresidente/gitea"
+ ];
+ settings.lapi.credentialsFile = "${config.age.secrets.forgejo-lapi-key.path}";
+ localConfig = {
+ acquisitions = [
+ {
+ source = "journalctl";
+ journalctl_filter = [ "_SYSTEMD_UNIT=forgejo.service" ];
+ labels = {
+ type = "syslog";
+ };
+ }
+ ];
+ };
+ };
+ forgejo = {
+ enable = true;
+ package = pkgs.forgejo;
+ user = "tbarnouin";
+ settings = {
+ server.HTTP_PORT = 3000;
+ server.DISABLE_SSH = true;
+ server.ROOT_URL = "https://git.le43.eu";
+ service.DISABLE_REGISTRATION = true;
+ };
+ database = {
+ createDatabase = false;
+ type = "postgres";
+ host = "${cfg.pgsql_ip}";
+ name = "gitea";
+ user = "gitea";
+ passwordFile = config.age.secrets.forgejoDBPass.path;
+ };
 };
 };
 networking.firewall.allowedTCPPorts = [3000];
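Review bot: The journald acquisition labels Forgejo's log stream as `type = "syslog"`, but the parsers in the `LePresidente/gitea` collection select events by program name, and a unit called forgejo.service will most likely report `forgejo` rather than `gitea` as its identifier — if that filter never matches, the scenarios never fire and this configuration silently detects nothing, so confirm after deploy with `cscli metrics` that the acquisition shows parsed lines and not only read ones. The `credentialsFile` value wraps a path in a needless string interpolation; `settings.lapi.credentialsFile = config.age.secrets.forgejo-lapi-key.path;` is the idiomatic form (the moved `host = "${cfg.pgsql_ip}"` has the same shape but predates this change). Nothing in this hunk registers a bouncer or tells Forgejo which proxies to trust for the client address, so decisions derived from these logs may not be enforced anywhere, and if requests reach port 3000 through a reverse proxy the address in the log may be the proxy's — a short comment on the `crowdsec` block naming where enforcement happens would prevent that being overlooked. The `config` attribute set continues past the end of the hunk.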