diff --git a/ansible.cfg b/ansible.cfg
index 6476e6f..b04e116 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -3,6 +3,7 @@ ask_vault_pass = True
 roles_path = ./roles
 retry_files_enabled = False
 inventory = ./hosts
+filter_plugins = ./filter_plugins
 ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
 nocows = 1
 forks = 15
diff --git a/filter_plugins/net_utils.py b/filter_plugins/net_utils.py
new file mode 100644
index 0000000..082f34d
--- /dev/null
+++ b/filter_plugins/net_utils.py
@@ -0,0 +1,13 @@
+import dns.name
+
+
+class FilterModule:
+ def filters(self):
+ return {
+ "remove_domain_suffix": remove_domain_suffix,
+ }
+
+
+def remove_domain_suffix(name):
+ parent = dns.name.from_text(name).parent()
+ return parent.to_text()
diff --git a/playbooks/ifupdown2.yml b/playbooks/ifupdown2.yml
new file mode 100755
index 0000000..01d72f0
--- /dev/null
+++ b/playbooks/ifupdown2.yml
@@ -0,0 +1,32 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+ - ntp-1.int.infra.auro.re
+ vars:
+ # TODO: netbox
+ ifupdown2__hosts:
+ ntp-1.int.infra.auro.re:
+ ens18:
+ gateways:
+ - 2a09:6840:128::254
+ - 10.128.0.254
+ addresses:
+ - 2a09:6840:128::203/56
+ - 10.128.0.203/16
+ ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
+ roles:
+ - ifupdown2
+
+- hosts:
+ - ntp-1.int.infra.auro.re
+ vars:
+ resolvconf__nameservers:
+ - 2a09:6840:128::127
+ - 10.128.0.127
+ resolvconf__domain: auro.re
+ resolvconf__search:
+ - "{{ inventory_hostname | remove_domain_suffix }}"
+ - auro.re
+ roles:
+ - resolvconf
+...
diff --git a/roles/ifupdown2/defaults/main.yml b/roles/ifupdown2/defaults/main.yml
new file mode 100644
index 0000000..a419f07
--- /dev/null
+++ b/roles/ifupdown2/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+ifupdown2__interfaces: {}
+...
diff --git a/roles/ifupdown2/handlers/main.yml b/roles/ifupdown2/handlers/main.yml
new file mode 100644
index 0000000..9a5d0c0
--- /dev/null
+++ b/roles/ifupdown2/handlers/main.yml
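Review bot: In filter_plugins/net_utils.py, `remove_domain_suffix` returns the parent in dnspython's default absolute form, so `ntp-1.int.infra.auro.re` should come back as `int.infra.auro.re.` with a trailing dot, and playbooks/ifupdown2.yml feeds that string straight into the `search` list for resolv.conf. Returning `parent.to_text(omit_final_dot=True)` keeps the search entry in the usual form. A single-label input yields the root name `.`, and the root name (which I believe an empty string also parses to) makes `parent()` raise `dns.name.NoParent`, which the operator would only see as a template failure. A docstring stating that the function drops the leftmost label (the name suggests the opposite), what it does for short names, and that it needs dnspython on the control node would make this contract visible.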
@@ -0,0 +1,9 @@
+---
+- name: Restart networking
+ systemd:
+ name: networking.service
+ state: restarted
+
+- name: Bring all interfaces up
+ shell: /usr/sbin/ifup -a
+...
diff --git a/roles/ifupdown2/tasks/main.yml b/roles/ifupdown2/tasks/main.yml
new file mode 100644
index 0000000..aa07c7f
--- /dev/null
+++ b/roles/ifupdown2/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: Gather package facts
+ package_facts:
+ manager: apt
+
+- name: Check if ifupdown2 is installed
+ set_fact:
+ must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
+
+- name: Mask networking before installing ifupdown2
+ systemd:
+ name: networking.service
+ masked: true
+ when: must_mask
+
+- name: Install ifupdown2
+ apt:
+ name: ifupdown2
+
+- name: Unmask networking now that ifupdown2 is installed
+ systemd:
+ name: networking.service
+ masked: false
+ when: must_mask
+
+- name: Configure ifupdown2
+ template:
+ src: interfaces.j2
+ dest: /etc/network/interfaces
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=
+ notify:
+ - Restart networking
+ - Bring all interfaces up
+
+- name: Enable and start networking
+ systemd:
+ name: networking.service
+ state: started
+ enabled: true
+...
diff --git a/roles/ifupdown2/templates/interfaces.j2 b/roles/ifupdown2/templates/interfaces.j2
new file mode 100644
index 0000000..d61606c
--- /dev/null
+++ b/roles/ifupdown2/templates/interfaces.j2
@@ -0,0 +1,13 @@
+{{ ansible_managed | comment }}
+
+{% for name, iface in ifupdown2__interfaces.items() %}
+auto {{ name }}
+iface {{ name }}
+{% for address in iface.addresses %}
+ address {{ address | ipaddr }}
+{% endfor %}
+{% for gateway in iface.gateways | default([]) %}
+ gateway {{ gateway | ipaddr }}
+{% endfor %}
+
+{% endfor %}
diff --git a/roles/resolvconf/tasks/main.yml b/roles/resolvconf/tasks/main.yml
new file mode 100644
index 0000000..d650b78
--- /dev/null
+++ b/roles/resolvconf/tasks/main.yml
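Review bot: The `Bring all interfaces up` handler in roles/ifupdown2/handlers/main.yml runs a fixed command through `shell`, which adds a shell parsing step that nothing here needs; `command: /usr/sbin/ifup -a` does the same without it. Both handlers fire on every change to /etc/network/interfaces, and a full restart of networking.service over the same SSH session can drop the management connection if the rendered file is wrong. ifupdown2 ships `ifreload -a` for applying changes in place, which may be a safer single handler here; worth confirming on the target release.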
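Review bot: If `Install ifupdown2` fails in roles/ifupdown2/tasks/main.yml, the play stops with networking.service still masked, and a reboot before the next successful run would bring the host up without its network unit. Wrapping the mask and the install in a `block` with the unmask under `always` restores the unit on both paths; skipping the install when `must_mask` is false is safe because that value means the package is already present. Separately, the `Configure ifupdown2` template task would benefit from `backup: true` so a bad render can be reverted from the console.

```yaml
# … unchanged: "Gather package facts" and "Check if ifupdown2 is installed" …

- name: Install ifupdown2 with networking masked
  when: must_mask
  block:
    - name: Mask networking before installing ifupdown2
      systemd:
        name: networking.service
        masked: true

    - name: Install ifupdown2
      apt:
        name: ifupdown2
  always:
    # Runs whether or not the install succeeded, so the unit is never left masked.
    - name: Unmask networking again
      systemd:
        name: networking.service
        masked: false

# … unchanged: "Configure ifupdown2" and "Enable and start networking" …
```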
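Review bot: An entry in `addresses` or `gateways` that is not a valid address does not stop the render in roles/ifupdown2/templates/interfaces.j2: as far as I know the `ipaddr` filter returns `False` for such input, so the file would contain `address False` and the notified handlers would then restart networking with it. An `assert` task in the role that checks every address and gateway with `ipaddr` before the template runs would turn that into an early failure on the control node. The interface `name` is written into the `auto` and `iface` lines unvalidated as well. The `nameserver {{ nameserver | ipaddr }}` line in roles/resolvconf/templates/resolv.conf.j2 has the same behaviour.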
@@ -0,0 +1,9 @@
+---
+- name: Install resolv.conf
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+...
diff --git a/roles/resolvconf/templates/resolv.conf.j2 b/roles/resolvconf/templates/resolv.conf.j2
new file mode 100644
index 0000000..9376000
--- /dev/null
+++ b/roles/resolvconf/templates/resolv.conf.j2
@@ -0,0 +1,11 @@
+{{ ansible_managed | comment }}
+
+{% for nameserver in resolvconf__nameservers %}
+nameserver {{ nameserver | ipaddr }}
+{% endfor %}
+{% if resolvconf__domain is defined %}
+domain {{ resolvconf__domain }}
+{% endif %}
+{% if resolvconf__search is defined %}
+search {{ resolvconf__search | join(" ") }}
+{% endif %}
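Review bot: roles/resolvconf/templates/resolv.conf.j2 emits both a `domain` and a `search` line when both variables are defined, which is what playbooks/ifupdown2.yml does; resolv.conf(5) treats the two keywords as mutually exclusive with the last one winning, so the `domain` line has no effect there. Guarding it as `{% if resolvconf__domain is defined and resolvconf__search is not defined %}` keeps the output unambiguous. The search entries and the domain are written without any validation, so a value containing whitespace or a newline would add extra tokens or directives to /etc/resolv.conf. A template comment such as `{# resolvconf__domain and resolvconf__search must be plain DNS names from trusted inventory data #}` would document that assumption.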