diff --git a/data/meson.build b/data/meson.build
index 79c88ed7f9..facdab8d3d 100644
--- a/data/meson.build
+++ b/data/meson.build
@@ -9,19 +9,25 @@ configure_file(
 
 if install_systemdunitdir
   services = [
-    'NetworkManager-dispatcher.service.in',
-    'NetworkManager.service.in',
-    'nm-priv-helper.service.in',
-    'NetworkManager-wait-online.service.in',
+    'NetworkManager-dispatcher.service',
+    'NetworkManager.service',
+    'nm-priv-helper.service',
+    'NetworkManager-wait-online.service',
   ]
 
   foreach service: services
     configure_file(
-      input: service,
-      output: '@BASENAME@',
+      input: service + '.in',
+      output: service,
       install_dir: systemd_systemdsystemunitdir,
       configuration: data_conf,
     )
+
+    test(
+      'check-' + service,
+      find_program(join_paths(source_root, 'src/tests/check-systemd-unit.sh')),
+      args: [ join_paths(meson.current_build_dir(), service) ],
+    )
   endforeach
 
   if enable_ovs
diff --git a/src/nm-cloud-setup/meson.build b/src/nm-cloud-setup/meson.build
index b1269ec667..872b3352b8 100644
--- a/src/nm-cloud-setup/meson.build
+++ b/src/nm-cloud-setup/meson.build
@@ -9,6 +9,12 @@ if install_systemdunitdir
     configuration: data_conf,
   )
 
+  test(
+    'check-nm-cloud-setup.service',
+    find_program(join_paths(source_root, 'src/tests/check-systemd-unit.sh')),
+    args: [ join_paths(meson.current_build_dir(), 'nm-cloud-setup.service') ],
+  )
+
   install_data(
     'nm-cloud-setup.timer',
     install_dir: systemd_systemdsystemunitdir,
diff --git a/src/tests/check-systemd-unit.sh b/src/tests/check-systemd-unit.sh
new file mode 100755
index 0000000000..7e3f786e09
--- /dev/null
+++ b/src/tests/check-systemd-unit.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+set -e
+set -o pipefail
+
+# We're using "security" as opposed to "verify" because (as of 2024)
+# the latter doesn't support --offline runs.
+#
+# The point is that if anything appears before the security report
+# header, there's an error or a warning while parsing the unit file.
+env -i systemd-analyze --offline=true security "$1" 2>&1 |awk '
+	/NAME.*DESCRIPTION.*EXPOSURE/ {suppress=1}
+	{if (!suppress) {print; failed++}}
+	END {exit failed}
+'