diff --git a/roles/dbscripts/templates/rsyncd.conf.proto.j2 b/roles/dbscripts/templates/rsyncd.conf.proto.j2
index 715cb55916d9040d774e2903e154fa6f6e9f5c45..81c2c1087260d194243489eb9f455139924ebebe 100644
--- a/roles/dbscripts/templates/rsyncd.conf.proto.j2
+++ b/roles/dbscripts/templates/rsyncd.conf.proto.j2
@@ -91,6 +91,15 @@ hosts deny = *
 	secrets file = /etc/rsyncd.secrets
 	max connections = 0
 
+# Debug repositories
+[debug_packages]
+	path = /srv/ftp
+	comment =  debug packages
+	exclude = *
+	include = /pool /pool/*-debug/***
+	hosts allow = {{ hostvars['debuginfod.archlinux.org']['ipv4_address'] }} {{ hostvars['debuginfod.archlinux.org']['ipv6_address'] }}
+	max connections = 0
+
 # Individual repositories
 [core]
 	path = /srv/ftp/core
diff --git a/roles/syncdebug/files/syncdebug b/roles/syncdebug/files/syncdebug
new file mode 100755
index 0000000000000000000000000000000000000000..a1d41bd3ed9a59c590cd2ef8453871227457e7d0
--- /dev/null
+++ b/roles/syncdebug/files/syncdebug
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+target="/srv/ftp"
+lock="/var/lock/syncdebug.lck"
+source_url='rsync://rsync.archlinux.org/debug_packages'
+lastupdate_url='https://rsync.archlinux.org/lastupdate'
+
+[ ! -d "${target}" ] && mkdir -p "${target}"
+
+exec 9>"${lock}"
+flock -n 9 || exit
+
+rsync_cmd() {
+	local -a cmd=(rsync -rlptH --safe-links --delete-delay --delay-updates
+		"--timeout=600" "--contimeout=60" --no-motd)
+
+	if stty &>/dev/null; then
+		cmd+=(-h -v --progress)
+	else
+		cmd+=("--info=name1")
+	fi
+
+	"${cmd[@]}" "$@"
+}
+
+# if we are called without a tty (cronjob) only run when there are changes
+if ! tty -s && [[ -f "$target/lastupdate" ]] && diff -b <(curl -Ls "$lastupdate_url") "$target/lastupdate" >/dev/null; then
+	exit 0
+fi
+
+rsync_cmd \
+    --exclude=".well-known" \
+	"${source_url}" \
+	"${target}"
diff --git a/roles/syncdebug/files/syncdebug.service b/roles/syncdebug/files/syncdebug.service
new file mode 100644
index 0000000000000000000000000000000000000000..48d1c40fc98e10eeadd7d8ee3b9940b9a3268975
--- /dev/null
+++ b/roles/syncdebug/files/syncdebug.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Synchronize debug packages
+RequiresMountsFor=/srv/ftp
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/syncdebug
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
diff --git a/roles/syncdebug/files/syncdebug.timer b/roles/syncdebug/files/syncdebug.timer
new file mode 100644
index 0000000000000000000000000000000000000000..c4288b8a7e6f307b7e6760ce5ba274f00cc275c4
--- /dev/null
+++ b/roles/syncdebug/files/syncdebug.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Sync debug packages every 4 hours
+
+[Timer]
+OnCalendar=00/4:00
+AccuracySec=1m
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/syncdebug/tasks/main.yml b/roles/syncdebug/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0220b069986e9402fdbe919a79ddd3077f5ce83f
--- /dev/null
+++ b/roles/syncdebug/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: install rsync
+  pacman: name=rsync state=present
+
+- name: install syncdebug script
+  copy: src=syncdebug dest=/usr/local/bin/syncdebug owner=root group=root mode=0755
+
+- name: install syncdebug units
+  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
+  with_items:
+    - syncdebug.timer
+    - syncdebug.service
+
+- name: start and enable syncdebug units
+  systemd:
+    name: "{{ item }}"
+    enabled: true
+    state: started
+    daemon_reload: true
+  with_items:
+    - syncdebug.timer