diff --git a/group_vars/all/archweb.yml b/group_vars/all/archweb.yml
new file mode 100644
index 0000000000000000000000000000000000000000..72d63ecf1e9f4c899bba71902d97f5fc5066b24a
--- /dev/null
+++ b/group_vars/all/archweb.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+32336337623936643161653739636138303332326366363963393436396465633137616266653463
+3663343535306333323332366338623463363030663534630a326336333065633333333230663130
+32656537326537313336343136316338346464386237626230663236343865336562363562363739
+6163396332343032340a653739353436656139396336623539643431366462363164646361336436
+36316238336535323864383537613964373666656465636562613530356566303139383230643761
+65663030323464623230626330633538303436363664383839623334333837666435323466666638
+64353061613234373966636266613763366364386334323333663933616534333937396539376562
+38623139323463336363
diff --git a/group_vars/all/postgres.yml b/group_vars/all/postgres.yml
index cbe49315f99110df961261548fee38355a80f891..5ffb5f79d6b5e154fb4aa6e23ef2c7ee876e9569 100644
--- a/group_vars/all/postgres.yml
+++ b/group_vars/all/postgres.yml
@@ -1,8 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
-36666131373264613664663533333232343233306332663433303930333063643539656232353735
-3637393832313138323238646166336531363837313731630a393035643830626464316239326131
-66356665636131346639383733616631316664313331396538376663353832323133333134623833
-3038336638346361660a626637336430303036343631666365316339643732356362643133663363
-37316531383534343361393338616332323232376332323339366338663063643238666539646330
-63343466363930326238356334656636663363363166373561393131303435353461366237623233
-356262383565623262343836623666663232
+66316639393734333962323264376164626437356233663165303536373661643566383463663230
+3733646361633362356465363839326133623739343664360a353832303138343537366661653333
+33363631343830613937323336383766343035353166336663316335616335316466343835306463
+3862306265383864310a313439353937376436386565343334303364376134333633313735323864
+33633665616331313932326563376565363133376438633665343932636461316530666434656236
+62313332383437383964346332653035383834343132626631396639643262353031656538643134
+66383132313837316563656630666663333166346130646334343639643462643131656533363635
+63316162303862346134633961323538623934363836313731646336623339333138376436623933
+3962
diff --git a/playbooks/orion.yml b/playbooks/orion.yml
index 4a939c085c88799947a0f10b5dd1d1035b6deb70..e1cac193f770a0fed5ac876b18152551600856b8 100644
--- a/playbooks/orion.yml
+++ b/playbooks/orion.yml
@@ -15,3 +15,4 @@
     - { role: nginx, tags: ["nginx"] }
     - { role: dbscripts, repos_domain: "repos.archlinux.org" }
     - sudo
+    - { role: archweb, archweb_home: "/srv/http/archweb" }
diff --git a/roles/archweb/files/archweb-mirrorcheck.service b/roles/archweb/files/archweb-mirrorcheck.service
new file mode 100644
index 0000000000000000000000000000000000000000..d5825f977795c6b8404e88866602ff904a2ec035
--- /dev/null
+++ b/roles/archweb/files/archweb-mirrorcheck.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=archewb mirrorcheck
+After=network.target
+
+[Service]
+Type=oneshot
+User=archweb
+WorkingDirectory=/srv/http/archweb
+ExecStart=/srv/http/archweb/env/bin/python manage.py mirrorcheck --location 3
+ExecStart=/srv/http/archweb/env/bin/python manage.py mirrorcheck --location 4
+Nice=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/archweb/files/archweb-mirrorcheck.timer b/roles/archweb/files/archweb-mirrorcheck.timer
new file mode 100644
index 0000000000000000000000000000000000000000..b3ef3ed9a85f939c3e7d3c4e3237ac59d6bfc90b
--- /dev/null
+++ b/roles/archweb/files/archweb-mirrorcheck.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=archweb mirrorcheck
+
+[Timer]
+OnUnitActiveSec=1h
+OnBootSec=10min
+RandomizedDelaySec=5min
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/archweb/files/archweb-reporead.service b/roles/archweb/files/archweb-reporead.service
new file mode 100644
index 0000000000000000000000000000000000000000..d48058a7184d197e19c9bbe7faea3f1713d3935d
--- /dev/null
+++ b/roles/archweb/files/archweb-reporead.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=archweb reporead
+After=network.target
+
+[Service]
+User=archweb
+WorkingDirectory=/srv/http/archweb
+ExecStart=/srv/http/archweb/env/bin/python manage.py reporead_inotify
+Restart=on-failure
+Nice=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/archweb/handlers/main.yml b/roles/archweb/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f9ee6636586fd8066c42050e97a27c9130809a35
--- /dev/null
+++ b/roles/archweb/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: daemon reload
+  command: systemctl daemon-reload
diff --git a/roles/archweb/tasks/main.yml b/roles/archweb/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..752940663c92b54674eef634d8c7115a794df7dc
--- /dev/null
+++ b/roles/archweb/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+
+- name: install git
+  pacman: name=git,python2,python2-virtualenv state=present
+
+- name: make archweb uesr
+  user: name=archweb shell=/bin/false home="{{ archweb_home }}" createhome=no
+
+- name: fix home permissions
+  file: state=directory owner=archweb group=archweb path="{{ archweb_home }}"
+
+- name: clone archweb repo
+  git: repo=git://git.archlinux.org/archweb.git dest="{{ archweb_home }}"
+  become: true
+  become_user: archweb
+
+- name: make virtualenv
+  command: virtualenv2 "{{ archweb_home }}"/env
+  become: true
+  become_user: archweb
+
+- name: install stuff into virtualenv
+  pip: requirements="{{ archweb_home }}/requirements_prod.txt" virtualenv="{{ archweb_home }}/env"
+  become: true
+  become_user: archweb
+
+- name: fix home permissions
+  file: state=directory owner=archweb group=archweb path="{{ archweb_home }}"
+
+- name: copy archweb-reporead.service
+  copy: src="{{ item }}" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
+  with_items:
+    - archweb-reporead.service
+    - archweb-mirrorcheck.service
+    - archweb-mirrorcheck.timer
+  notify:
+    - daemon reload
+
+- name: configure archweb
+  template: src=local_settings.py.j2 dest=/srv/http/archweb/local_settings.py owner=archweb group=archweb mode=660
+
+- name: start and enable archweb services
+  service: name="{{ item }}" enabled=yes state=started
+  with_items:
+    - archweb-reporead.service
+    - archweb-mirrorcheck.timer
diff --git a/roles/archweb/templates/local_settings.py.j2 b/roles/archweb/templates/local_settings.py.j2
new file mode 100644
index 0000000000000000000000000000000000000000..39706163588445073a44006c41bb90eb75c3d4e2
--- /dev/null
+++ b/roles/archweb/templates/local_settings.py.j2
@@ -0,0 +1,28 @@
+# Django settings for archlinux project.
+
+
+## Database settings
+DATABASES = {
+    'default': {
+        'ENGINE'  : 'django.db.backends.postgresql_psycopg2',
+        'NAME'    : 'archweb',
+        'USER'    : 'archweb_update',
+        'PASSWORD': '{{ postgres_users.archweb_update }}',
+        'HOST'    : 'gudrun.archlinux.org',
+        'OPTIONS' : {
+            'autocommit': True,
+            'application_name': 'archweb',
+            'sslmode': 'require',
+        }
+    }
+}
+
+## Make this unique, and don't share it with anybody.
+SECRET_KEY = '{{ archweb_secret_key }}'
+
+## Cache settings
+CACHE_BACKEND = 'memcached://gudrun.archlinux.org:11211'
+CACHE_MIDDLEWARE_SECONDS = 300
+CACHE_MIDDLEWARE_KEY_PREFIX = 'arch'
+
+# vim: set ts=4 sw=4 et: