diff --git a/ansible.cfg b/ansible.cfg
index b9a76ef..d315089 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -5,3 +5,4 @@ remote_user = root
 
 [privilege_escalation]
 become_method = su
+become_flags = -s /bin/sh -l
diff --git a/roles/alpine/handlers/main.yml b/roles/alpine/handlers/main.yml
index c215f94..ea1f3bd 100644
--- a/roles/alpine/handlers/main.yml
+++ b/roles/alpine/handlers/main.yml
@@ -1,3 +1,9 @@
+- name: restart networking
+  service:
+    name: networking
+    state: restarted
+  when: "'handler' not in ansible_skip_tags"
+
 - name: reload sshd
   service:
     name: sshd
diff --git a/roles/alpine/tasks/main.yml b/roles/alpine/tasks/main.yml
index 95ca640..3c8656e 100644
--- a/roles/alpine/tasks/main.yml
+++ b/roles/alpine/tasks/main.yml
@@ -1,3 +1,9 @@
+- name: Set up network interfaces
+  template:
+    dest: /etc/network/interfaces
+    src: interfaces.j2
+  notify: restart networking
+
 - name: Set hostname
   hostname:
     name: '{{ dns_name }}'
@@ -20,6 +26,7 @@
 - name: Install base packages
   package:
     name:
+    - acl
     - git
     - iproute2
     - logrotate
diff --git a/roles/alpine/templates/interfaces.j2 b/roles/alpine/templates/interfaces.j2
new file mode 100644
index 0000000..4c9aa95
--- /dev/null
+++ b/roles/alpine/templates/interfaces.j2
@@ -0,0 +1,17 @@
+auto lo
+iface lo inet loopback
+
+{% for iface in interfaces | selectattr('enabled') %}
+auto {{ iface.name }}
+iface {{ iface.name }} inet static
+{% for ip in iface.ip_addresses %}
+    address {{ ip.address }}
+{% set subnet = ip.address | ipaddr('subnet') %}
+{% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
+{% set gateway = prefix.custom_fields.gateway.address %}
+{% if gateway is defined %}
+    gateway {{ gateway | ipaddr('address') }}
+{% endif %}
+{% endfor %}
+
+{% endfor %}
diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml
index 269aca4..77f23c5 100644
--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
@@ -142,7 +142,6 @@
     - name: Register runner
       become: yes
       become_user: forgejo-runner
-      become_flags: '-s /bin/sh -l'
       command: |
         forgejo-runner register --no-interactive --name runner
             --instance https://git.fri.uni-lj.si