diff --git a/roles/ansible_pull/templates/ansible-pull.service.j2 b/roles/ansible_pull/templates/ansible-pull.service.j2
index 0f80907..b344505 100644
--- a/roles/ansible_pull/templates/ansible-pull.service.j2
+++ b/roles/ansible_pull/templates/ansible-pull.service.j2
@@ -7,6 +7,9 @@ OnFailure=ansible-pull-failure-notify.service
 [Service]
 Type=oneshot
 Environment="SOPS_AGE_KEY_FILE=/etc/ansible_pull_secrets/age_private_key"
+ExecStartPre=/usr/bin/bash -c 'if [ ! -e /home/chaos/ansible_pull_checkout ]; then git clone --depth 1 "{{ ansible_pull__repo_url }}" /home/chaos/ansible_pull_checkout ; fi'
+ExecStartPre=/usr/local/lib/ansible_pull_venv/bin/ansible-galaxy role install -r /home/chaos/ansible_pull_checkout/requirements.yml
+ExecStartPre=/usr/local/lib/ansible_pull_venv/bin/ansible-galaxy collection install -r /home/chaos/ansible_pull_checkout/requirements.yml
 ExecStart=/usr/local/lib/ansible_pull_venv/bin/ansible-pull \
           --directory /home/chaos/ansible_pull_checkout \
           --clean \