diff --git a/host_vars/ind.mirror.pkgbuild.com b/host_vars/ind.mirror.pkgbuild.com
index 475aa37a104e92f91ed3efbe3e345cd4e2962287..476bb87219f43b96155709ed004843f9eb15d427 100644
--- a/host_vars/ind.mirror.pkgbuild.com
+++ b/host_vars/ind.mirror.pkgbuild.com
@@ -1,3 +1,4 @@
 ---
 mirror_domain: ind.mirror.pkgbuild.com
 archweb_mirrorcheck_locations: [10]
+arch32_mirror_domain: ind.mirror.archlinux32.org
diff --git a/host_vars/jpn.mirror.pkgbuild.com b/host_vars/jpn.mirror.pkgbuild.com
index 37269a5f16dff6a83a6b0f7e354bc984b950dd48..8646c31bd5c944e4e464b188f55b26aa48049225 100644
--- a/host_vars/jpn.mirror.pkgbuild.com
+++ b/host_vars/jpn.mirror.pkgbuild.com
@@ -1,3 +1,4 @@
 ---
 mirror_domain: jpn.mirror.pkgbuild.com
 archweb_mirrorcheck_locations: [8]
+arch32_mirror_domain: jpn.mirror.archlinux32.org
diff --git a/host_vars/mex.mirror.pkgbuild.com b/host_vars/mex.mirror.pkgbuild.com
index bdcbcc08d533c5bccc6114d6f7f8208ad92b306a..9ae138ee207327397d1434620eccf9538006bfd5 100644
--- a/host_vars/mex.mirror.pkgbuild.com
+++ b/host_vars/mex.mirror.pkgbuild.com
@@ -1,3 +1,4 @@
 ---
 mirror_domain: mex.mirror.pkgbuild.com
 archweb_mirrorcheck_locations: [7]
+arch32_mirror_domain: mex.mirror.archlinux32.org
diff --git a/host_vars/sgp.pkgbuild.com b/host_vars/sgp.pkgbuild.com
index 2396958fa0840c6050004b4c8b1828421af9b804..a72c709fee28a99f29f8da995a106391330fc297 100644
--- a/host_vars/sgp.pkgbuild.com
+++ b/host_vars/sgp.pkgbuild.com
@@ -3,3 +3,4 @@ mirror_domain: sgp.mirror.pkgbuild.com
 public_domain: sgp.pkgbuild.com
 archweb_mirrorcheck_locations: [9]
 archbuild_fs: 'btrfs'
+arch32_mirror_domain: sgp.mirror.archlinux32.org
diff --git a/playbooks/mirrors.yml b/playbooks/mirrors.yml
index bbefbfa94a55d6341e0a4fcbbaffb0efba6f427e..e35aac9b704d4597027ef4ad384fbd73f2244946 100644
--- a/playbooks/mirrors.yml
+++ b/playbooks/mirrors.yml
@@ -11,3 +11,4 @@
 - { role: syncrepo, tags: ['syncrepo', 'nginx'] }
 - { role: archweb, archweb_site: false, archweb_services: false, archweb_mirrorcheck: true, tags: ['archweb'] }
 - { role: zabbix-agent, tags: ["zabbix", "zabbix-agent"] }
+ - { role: arch32_mirror, tags: ['arch32_mirror', 'nginx'] }
diff --git a/roles/arch32_mirror/defaults/main.yml b/roles/arch32_mirror/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3efc3b60440c9480b15fad1056052898131b7230
--- /dev/null
+++ b/roles/arch32_mirror/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+arch32_mirror_dir: /srv/archlinux32
+arch32_mirror_source: rsync://mirror.archlinux32.org/archlinux32
+arch32_mirror_lastupdate: https://mirror.archlinux32.org/lastupdate
diff --git a/roles/arch32_mirror/handlers/main.yml b/roles/arch32_mirror/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f9ee6636586fd8066c42050e97a27c9130809a35
--- /dev/null
+++ b/roles/arch32_mirror/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: daemon reload
+ command: systemctl daemon-reload
diff --git a/roles/arch32_mirror/tasks/main.yml b/roles/arch32_mirror/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..08db1d36ffd76730cc4987933b413e0edf1b2413
--- /dev/null
+++ b/roles/arch32_mirror/tasks/main.yml
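Review bot: The role's handlers file defines only `daemon reload`, yet the `set up nginx` task in roles/arch32_mirror/tasks/main.yml notifies `reload nginx`, so that notification resolves only when another role in the same play provides a handler with that name. By default Ansible reports a missing handler as an error, and the visible playbook lines do not show which role supplies it. Either add a `reload nginx` handler to this file or declare the providing role as a dependency in the role's meta. Separately, `command: systemctl daemon-reload` could be written with the systemd module (`systemd: daemon_reload=yes`) instead of shelling out.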
@@ -0,0 +1,33 @@
+---
+
+- name: create ssl cert
+ command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ arch32_mirror_domain }}' creates='/etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem'
+ when: 'arch32_mirror_domain is defined'
+
+- name: install rsync
+ pacman: name=rsync state=present
+
+- name: install syncrepo script
+ template: src=syncrepo_arch32 dest=/usr/local/bin/syncrepo_arch32 owner=root group=root mode=0755
+
+- name: install syncrepo units
+ template: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
+ with_items:
+ - syncrepo_arch32.timer
+ - syncrepo_arch32.service
+ notify:
+ - daemon reload
+
+- name: start and enable syncrepo unit
+ service: name={{ item }} enabled=yes state=started
+ with_items:
+ - syncrepo_arch32.timer
+
+- name: make nginx log dir
+ file: path=/var/log/nginx/{{ arch32_mirror_domain }} state=directory owner=root group=root mode=0755
+
+- name: set up nginx
+ template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/syncrepo_arch32.conf owner=root group=root mode=0644
+ notify:
+ - reload nginx
+ when: 'arch32_mirror_domain is defined'
diff --git a/roles/arch32_mirror/templates/nginx.d.conf.j2 b/roles/arch32_mirror/templates/nginx.d.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..c00d4c5d0add0f76f9313887cfde7cb37cd5ad6b
--- /dev/null
+++ b/roles/arch32_mirror/templates/nginx.d.conf.j2
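Review bot: The `make nginx log dir` task expands `{{ arch32_mirror_domain }}` in its path but, unlike `create ssl cert` and `set up nginx`, carries no `when: 'arch32_mirror_domain is defined'` guard, so on a host without that variable the play would stop with an undefined-variable error. Add the same `when:` line to that task, or drop the guards on the other two and make the variable a stated requirement of the role. In `create ssl cert`, `-w {{letsencrypt_validation_dir}}` is the only templated argument left unquoted; quoting it like the `-d` value keeps the argument intact if the path ever contains whitespace.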
@@ -0,0 +1,29 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ arch32_mirror_domain }};
+ root {{ arch32_mirror_dir }};
+
+ access_log /var/log/nginx/{{ arch32_mirror_domain }}/access.log;
+ error_log /var/log/nginx/{{ arch32_mirror_domain }}/error.log;
+
+ include snippets/letsencrypt.conf;
+
+ autoindex on;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ arch32_mirror_domain }};
+ root {{ arch32_mirror_dir }};
+
+ access_log /var/log/nginx/{{ arch32_mirror_domain }}/access.log;
+ error_log /var/log/nginx/{{ arch32_mirror_domain }}/error.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ arch32_mirror_domain }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ arch32_mirror_domain }}/chain.pem;
+
+ autoindex on;
+}
diff --git a/roles/arch32_mirror/templates/syncrepo_arch32 b/roles/arch32_mirror/templates/syncrepo_arch32
new file mode 100755
index 0000000000000000000000000000000000000000..d2ce224782d42dd34411785f90783b6835738d8d
--- /dev/null
+++ b/roles/arch32_mirror/templates/syncrepo_arch32
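Review bot: The 443 server block sets `ssl_trusted_certificate`, but no `ssl_stapling on;` or `ssl_stapling_verify on;` appears in this template, and nginx consults that file only when verifying OCSP responses or client certificates. Unless the shared nginx configuration enables stapling at `http` level (not visible here), the directive has no effect. Either add the two stapling directives to this block or add a comment saying they are inherited. Both server blocks also write to the same `access.log` and `error.log`; a one-line comment would confirm that is intentional.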
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# This is a simple mirroring script. To save bandwidth it first checks a
+# timestamp via HTTP and only runs rsync when the timestamp differs from the
+# local copy. As of 2016, a single rsync run without changes transfers roughly
+# 6MiB of data which adds up to roughly 250GiB of traffic per month when rsync
+# is run every minute. Performing a simple check via HTTP first can thus save a
+# lot of traffic.
+
+target="{{ arch32_mirror_dir }}"
+tmp="/srv/syncrepo_arch32-tmp"
+lock="/var/lock/syncrepo_arch32.lck"
+
+# NOTE: You'll probably want to change this or set it to 0 to disable the limit
+# The default unit is KiB (see man rsync /--bwlimit for more)
+bwlimit=0
+
+# NOTE: Most people reading this very likely need to change this since
+# rsync.archlinux.org requires you to be a tier 1 mirror
+source='{{ arch32_mirror_source }}'
+lastupdate_url='{{ arch32_mirror_lastupdate }}'
+
+#### END CONFIG
+
+[ ! -d "${target}" ] && mkdir -p "${target}"
+[ ! -d "${tmp}" ] && mkdir -p "${tmp}"
+
+exec 9>"${lock}"
+flock -n 9 || exit
+
+rsync_cmd() {
+ local -a cmd=(rsync -rtlH --safe-links --delete-after ${VERBOSE} "--timeout=600" "--contimeout=60" -p \
+ --delay-updates --no-motd "--temp-dir=${tmp}")
+
+ if stty &>/dev/null; then
+ cmd+=(-h -v --progress)
+ else
+ cmd+=("--info=name1")
+ fi
+
+ if ((bwlimit>0)); then
+ cmd+=("--bwlimit=$bwlimit")
+ fi
+
+ "${cmd[@]}" "$@"
+}
+
+
+# if we are called without a tty (cronjob) only run when there are changes
+if ! tty -s && [[ -f "$target/lastupdate" ]] && diff -b <(curl -s "$lastupdate_url") "$target/lastupdate" >/dev/null; then
+ # keep lastsync file in sync for statistics generated by the Arch Linux website
+ rsync_cmd "$source/lastsync" "$target/lastsync"
+ exit 0
+fi
+
+rsync_cmd \
+ --exclude='*.links.tar.gz*' \
+ --exclude='/other' \
+ --exclude='/sources' \
+ "${source}" \
+ "${target}"
+
+#echo "Last sync was $(date -d @$(cat ${target}/lastsync))"
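Review bot: The freshness check `curl -s "$lastupdate_url"` has no time limit, and because the script already holds the flock when it runs, a stalled HTTPS response would keep the lock and the oneshot unit busy until the process is killed. rsync gets `--timeout=600` and `--contimeout=60`, but curl gets nothing comparable. Bound it, e.g. `curl -sf --max-time 60 "$lastupdate_url"`; an empty result still makes `diff` report a difference, so a failed check falls through to the full rsync as it does today. The config comment about `rsync.archlinux.org` and tier 1 mirrors also looks carried over from another script, since `source` here is filled from `arch32_mirror_source`; reword it to describe that variable.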
diff --git a/roles/arch32_mirror/templates/syncrepo_arch32.service b/roles/arch32_mirror/templates/syncrepo_arch32.service
new file mode 100644
index 0000000000000000000000000000000000000000..fbb0d2a2d83909b239770648034fb5d945b6e146
--- /dev/null
+++ b/roles/arch32_mirror/templates/syncrepo_arch32.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Synchronize archlinux32 package repository mirror
+RequiresMountsFor={{ arch32_mirror_dir }}
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/syncrepo_arch32
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
diff --git a/roles/arch32_mirror/templates/syncrepo_arch32.timer b/roles/arch32_mirror/templates/syncrepo_arch32.timer
new file mode 100644
index 0000000000000000000000000000000000000000..425b6a402e91346b950ffa7b316096c2b564497a
--- /dev/null
+++ b/roles/arch32_mirror/templates/syncrepo_arch32.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Minutely archlinux32 repository sync
+
+[Timer]
+OnCalendar=minutely
+AccuracySec=1m
+Persistent=true
+
+[Install]
+WantedBy=timers.target
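Review bot: The `[Service]` section of syncrepo_arch32.service has no `User=` and no sandboxing directives, so `/usr/local/bin/syncrepo_arch32` runs as root every minute while fetching from the `rsync://` source set in defaults/main.yml, a transport that is neither authenticated nor encrypted. The sync only needs write access to the mirror directory, its temp dir and the lock file, so a dedicated unprivileged account (`User=`, with the role creating the account and giving it those paths) would limit what a bad upstream or an rsync bug can touch. As a smaller step that needs no ownership changes, add `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes` to `[Service]`.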