diff --git a/playbooks/gemini.archlinux.org.yml b/playbooks/gemini.archlinux.org.yml
index db2ebfc4f005c2ddfa4480a03545aa8335dc62b8..f3493934606a8e4afeabf0a812575a802e7ff664 100644
--- a/playbooks/gemini.archlinux.org.yml
+++ b/playbooks/gemini.archlinux.org.yml
@@ -18,6 +18,7 @@
 - { role: nginx }
 - { role: archusers }
 - { role: dbscripts, repos_domain: "repos.archlinux.org", repos_rsync_domain: "rsync.archlinux.org", svntogit_repos: "/srv/svntogit/repos", postgres_ssl: 'on', tags: ['archusers'] }
+ - { role: arch_boxes_sync }
 - { role: archweb, archweb_site: false, archweb_services: true, archweb_mirrorcheck_locations: [5, 6] }
 - { role: sources, sources_domain: "sources.archlinux.org", sources_dir: "/srv/sources" }
 - { role: archive }
diff --git a/roles/arch_boxes_sync/files/arch-boxes-sync.service b/roles/arch_boxes_sync/files/arch-boxes-sync.service
new file mode 100644
index 0000000000000000000000000000000000000000..cff90390d7620fbf43612e929af25be9a26b24bf
--- /dev/null
+++ b/roles/arch_boxes_sync/files/arch-boxes-sync.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Sync arch-boxes releases
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/arch-boxes-sync
diff --git a/roles/arch_boxes_sync/files/arch-boxes-sync.sh b/roles/arch_boxes_sync/files/arch-boxes-sync.sh
new file mode 100755
index 0000000000000000000000000000000000000000..902a56aed26fd25b4c81f1beefd694e1de05b298
--- /dev/null
+++ b/roles/arch_boxes_sync/files/arch-boxes-sync.sh
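Review bot: In arch-boxes-sync.service the `[Service]` section sets no `User=` and no sandboxing, so the sync script, which downloads and unpacks a zip from the network and then runs `rm -rvf` over a directory listing, presumably runs as root with full filesystem access. If the job only needs to write below `/srv/ftp/images` and `/var/tmp`, directives such as `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths=/srv/ftp/images /var/tmp` would confine it. A dedicated `User=` would go further, though that depends on the ownership of `/srv/ftp/images`, which this diff does not show.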
@@ -0,0 +1,34 @@
+#!/bin/bash
+set -o nounset -o errexit -o pipefail
+# https://docs.gitlab.com/ee/api/README.html#namespaced-path-encoding
+readonly PROJECT_ID="archlinux%2Farch-boxes"
+readonly JOB_NAME="build:secure"
+readonly ARCH_BOXES_PATH="/srv/ftp/images"
+readonly MAX_RELEASES="6" # 3 months
+
+RELEASES="$(curl --silent --show-error --fail "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/releases")"
+LATEST_RELEASE_TAG="$(jq -r .[0].tag_name <<< "${RELEASES}")"
+
+if [[ -d ${ARCH_BOXES_PATH}/${LATEST_RELEASE_TAG} ]]; then
+ echo "Nothing to do"
+ exit
+fi
+echo "Adding release: ${LATEST_RELEASE_TAG}"
+
+readonly TMPDIR="$(mktemp --directory --tmpdir="/var/tmp")"
+trap "rm -rf \"${TMPDIR}\"" EXIT
+cd "${TMPDIR}"
+
+curl --silent --show-error --fail --output "output.zip" "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/jobs/artifacts/${LATEST_RELEASE_TAG}/download?job=${JOB_NAME}"
+mkdir "${LATEST_RELEASE_TAG}"
+unzip output.zip
+# People should download the vagrant images from Vagrant Cloud
+rm output/*.box{,.*}
+mv output/* "${LATEST_RELEASE_TAG}"
+
+mv "${LATEST_RELEASE_TAG}" "${ARCH_BOXES_PATH}/"
+ln -sf "${LATEST_RELEASE_TAG}" "${ARCH_BOXES_PATH}/latest"
+
+echo "Removing old releases"
+cd "${ARCH_BOXES_PATH}"
+comm --output-delimiter="" -3 <({ ls | grep -v latest | sort -r | head -n "${MAX_RELEASES}"; echo latest; } | sort) <(ls | sort) | xargs --no-run-if-empty rm -rvf
diff --git a/roles/arch_boxes_sync/files/arch-boxes-sync.timer b/roles/arch_boxes_sync/files/arch-boxes-sync.timer
new file mode 100644
index 0000000000000000000000000000000000000000..dec9d8d838ed8abad59414d1161c3d0884edc340
--- /dev/null
+++ b/roles/arch_boxes_sync/files/arch-boxes-sync.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Sync arch-boxes releases hourly
+
+[Timer]
+OnCalendar=hourly
+RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
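Review bot: In arch-boxes-sync.sh, `LATEST_RELEASE_TAG` comes straight from the API response and is used unvalidated in the artifact URL and as a path component for `mkdir`, `mv`, `ln -sf` and the directory that the cleanup pipeline later lists. A check right after the `jq` line, for example `[[ ${LATEST_RELEASE_TAG} =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ && ${LATEST_RELEASE_TAG} != latest ]] || exit 1`, would reject any value that is not a single plain directory name, and `jq -er` would additionally stop on an empty release list, where `jq -r` prints `null`; the exact pattern should follow the project's tag scheme, which the hunk does not show. `ln -sf` onto an existing `latest` symlink that points at a directory creates the link inside the old release instead of replacing `latest`, so it should be `ln -sfn`. The unpacked artifacts are also moved into the public directory without any checksum or signature verification, so what is served is only as trustworthy as the CI job artifact; if that is the intended trust model, a comment saying so would help.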
diff --git a/roles/arch_boxes_sync/tasks/main.yml b/roles/arch_boxes_sync/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0f2eacc1a170f92dcf69d28b5a867e49933a4979
--- /dev/null
+++ b/roles/arch_boxes_sync/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: install arch-boxes-sync.sh script dependencies
+ pacman: name=curl,jq,unzip state=present
+
+- name: install arch-boxes-sync.sh script
+ copy: src=arch-boxes-sync.sh dest=/usr/local/bin/ owner=root group=root mode=0755
+
+- name: install arch-boxes-sync.{service,timer}
+ copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
+ loop:
+ - arch-boxes-sync.service
+ - arch-boxes-sync.timer
+ notify:
+ - daemon reload
+
+- name: start and enable arch-boxes-sync.timer
+ systemd: name=arch-boxes-sync.timer enabled=yes daemon_reload=yes state=started
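Review bot: The script is copied with `dest=/usr/local/bin/`, which keeps the source file name and installs `/usr/local/bin/arch-boxes-sync.sh`, but the service unit in this same diff has `ExecStart=/usr/local/bin/arch-boxes-sync`, so the timer would start a unit whose executable does not exist. Changing the task to `copy: src=arch-boxes-sync.sh dest=/usr/local/bin/arch-boxes-sync owner=root group=root mode=0755` makes the two agree. The `daemon reload` handler named under `notify:` is not defined in this hunk, so it is presumably provided elsewhere in the repository.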