diff --git a/roles/squid/handlers/main.yml b/roles/squid/handlers/main.yml
index 5d4119b..851ca55 100644
--- a/roles/squid/handlers/main.yml
+++ b/roles/squid/handlers/main.yml
@@ -1,3 +1,7 @@
+- name: reload systemd
+  systemd:
+    daemon_reload: true
+
 - name: initialize squid cache directories
   command:
     /usr/sbin/squid -N -z -F -f /etc/squid/squid.conf
diff --git a/roles/squid/tasks/main.yml b/roles/squid/tasks/main.yml
index 2bc8530..451f7e8 100644
--- a/roles/squid/tasks/main.yml
+++ b/roles/squid/tasks/main.yml
@@ -29,6 +29,27 @@
   - initialize squid cache directories
   - reload squid
 
+- name: ensure squid systemd unit drop-in directory exists
+  file:
+    path: /etc/systemd/system/squid.service.d
+    owner: root
+    group: root
+    mode: u=rwx,go=rx
+    state: directory
+  tags:
+  - systemd
+- name: ensure squid private tmp is configured
+  copy:
+    src: private-tmp.conf
+    dest: /etc/systemd/system/squid.service.d/private-tmp.conf
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  notify:
+  - reload systemd
+  tags:
+  - systemd
+
 - meta: flush_handlers
 - name: ensure squid service starts at boot
   service: