diff --git a/common/ssh-keys.nix b/common/ssh-keys.nix
index a63ea11..b77ec31 100644
--- a/common/ssh-keys.nix
+++ b/common/ssh-keys.nix
@@ -3,6 +3,7 @@
     bagel-box = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsO4bNqY04uG13Pg3ubHfRDssTphDLzZ4YUniE5/p+M";
     meta01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5t9gYorOWgpCFDJgb24pyCKIabGpeI2H/UfdvXODcT";
     gerrit01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+eSZu+u9sCynrMlsmFzQHLIELQAuVg0Cs1pBvwb4+A";
+    fodwatch = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRyTNfvKl5FcSyzGzw+h+bNFNOxdhvI67WdUZ2iIJ1L";
   };
 
   users = {
diff --git a/flake.nix b/flake.nix
index c1684d9..a821aed 100644
--- a/flake.nix
+++ b/flake.nix
@@ -108,6 +108,17 @@
           ./hosts/cl.forkos.org
         ];
       };
+
+      fodwatch = {
+        imports = [
+          inputs.agenix.nixosModules.default
+          inputs.hydra.nixosModules.hydra
+
+          ./services
+          ./common
+          ./hosts/fodwatch.forkos.org
+        ];
+      };
     };
   };
 }
diff --git a/hosts/fodwatch.forkos.org/default.nix b/hosts/fodwatch.forkos.org/default.nix
new file mode 100755
index 0000000..9eede50
--- /dev/null
+++ b/hosts/fodwatch.forkos.org/default.nix
@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  networking.hostName = "fodwatch";
+  networking.domain = "infra.forkos.org";
+
+  time.timeZone = "Europe/Paris";
+
+  bagel.sysadmin.enable = true;
+  # Fodwatch will be proxied.
+  bagel.raito.v6-proxy-awareness.enable = true;
+  bagel.hardware.raito-vm = {
+    enable = true;
+    networking = {
+      nat-lan-mac = "BC:24:11:F2:17:F8";
+      wan = {
+        address = "2001:bc8:38ee:100:1000::30/64";
+        mac = "BC:24:11:69:74:D0";
+      };
+    };
+  };
+
+  bagel.meta.monitoring.address = "fodwatch.infra.forkos.org";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  system.stateVersion = "24.05";
+  deployment.targetHost = "fodwatch.infra.forkos.org";
+}