diff --git a/group_vars/mirrors/mirrorsync.yml b/group_vars/mirrors/mirrorsync.yml
index 2db497cf05e9b5156d0616add2372bb7df43eada..19311eda76d33ddee32c37f155e6747d3c21aafc 100644
--- a/group_vars/mirrors/mirrorsync.yml
+++ b/group_vars/mirrors/mirrorsync.yml
@@ -1,7 +1,7 @@
 mirrorsync_mirrors:
   archive:
     hosts: "{{ groups['archive_mirrors'] }}"
-    source: rsync://archive.archlinux.org/archive
+    source: rsync://{{ hostvars['gemini.archlinux.org']['wireguard_address'] }}/archive
     target: /srv/archive
     last_update_url: https://archive.archlinux.org/repos/last/lastupdate
     last_update_dst: lastupdate
diff --git a/roles/archive/tasks/main.yml b/roles/archive/tasks/main.yml
index 001f853e1a3bd94557d3890c1f2afd368524b679..238c267af8225d42ca3be160f83432d3d0253575 100644
--- a/roles/archive/tasks/main.yml
+++ b/roles/archive/tasks/main.yml
@@ -1,5 +1,5 @@
-- name: Install archivetools package
-  pacman: name=archivetools state=present
+- name: Install archivetools and rsync
+  pacman: name=archivetools,rsync state=present
 
 - name: Make archive dir
   file:
@@ -38,6 +38,19 @@
   become: true
   become_user: "{{ archive_user_name }}"
 
+- name: Install rsyncd config
+  template: src=rsyncd.conf.j2 dest=/etc/rsyncd.conf owner=root group=root mode=0644
+
+- name: Start and enable rsyncd.socket
+  service: name=rsyncd.socket enabled=yes state=started
+
+- name: Open rsyncd ipv4 port for the archive mirrors
+  ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
+    rich_rule="rule family=ipv4 source address={{ hostvars[item]['wireguard_address'] }} port protocol=tcp port=873 accept"
+  loop: "{{ groups['archive_mirrors'] }}"
+  tags:
+    - firewall
+
 - name: Install system service
   template: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
   loop:
diff --git a/roles/archive/templates/rsyncd.conf.j2 b/roles/archive/templates/rsyncd.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..ad8b2bb3f27bb89bfe0e07fb2d87c707f01ff0e4
--- /dev/null
+++ b/roles/archive/templates/rsyncd.conf.j2
@@ -0,0 +1,7 @@
+use chroot = no
+syslog facility = local5
+
+[archive]
+	path = /srv/archive
+	comment = archive
+	hosts allow = {{ groups['archive_mirrors'] | map('extract', hostvars, ['wireguard_address']) | join(' ') }}