diff --git a/modules/misc/ssh-auth-sock.nix b/modules/misc/ssh-auth-sock.nix index 7bc417c3d..6f9b5231e 100644 --- a/modules/misc/ssh-auth-sock.nix +++ b/modules/misc/ssh-auth-sock.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.sshAuthSock; @@ -44,6 +49,18 @@ in }; }; + systemd.socketProviderUnit = lib.mkOption { + description = '' + The name of the systemd unit responsible for providing the {env}`SSH_AUTH_SOCK`. + + Services that rely on an active SSH authentication agent can reference + this option to declare a dependency onto this unit, ensuring that the + socket is available and being served before they start. + ''; + example = "ssh-agent.service"; + type = lib.types.str; + }; + }; config = @@ -78,5 +95,26 @@ in programs.fish.shellInit = lib.mkOrder 900 fishIntegration; programs.nushell.extraConfig = lib.mkOrder 900 nushellIntegration; programs.zsh.envExtra = lib.mkOrder 900 zshIntegration; + + # Replace this service by an environment generator as soon as they are + # available per-user. See https://github.com/systemd/systemd/issues/32423 + # for more information. + systemd.user.services.set-SSH_AUTH_SOCK = { + Unit = { + Description = "Sets SSH_AUTH_SOCK in the D-BUS daemon and systemd"; + Before = [ cfg.systemd.socketProviderUnit ]; + }; + Service = { + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "set-SSH_AUTH_SOCK" '' + ${bashIntegration} + ${pkgs.dbus}/bin/dbus-update-activation-environment --systemd SSH_AUTH_SOCK + ''; + }; + Install.WantedBy = [ + "default.target" + cfg.systemd.socketProviderUnit + ]; + }; }; } diff --git a/modules/services/gpg-agent.nix b/modules/services/gpg-agent.nix index aa7f7673b..bfd7bbe1e 100644 --- a/modules/services/gpg-agent.nix +++ b/modules/services/gpg-agent.nix @@ -393,6 +393,7 @@ in $env.SSH_AUTH_SOCK = $"(${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket)" ''; }; + systemd.socketProviderUnit = "gpg-agent-ssh.socket"; }; programs = { 
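Review bot: `systemd.socketProviderUnit` is declared as `lib.types.str` with no `default`, so enabling `sshAuthSock` with a hand-written agent integration (anything other than the five agent modules touched by this commit) now fails evaluation with an undefined option — the `enabled.nix` test having to add `systemd.socketProviderUnit = "foo.socket";` is the visible symptom. Unless requiring it is intended (in which case the description should say so and the breaking change belongs in the news/release notes), make the option nullable and guard the two references in the `set-SSH_AUTH_SOCK` service defined in this file's third hunk, as sketched below. While touching the description, "a dependency onto this unit" reads better as "a dependency on this unit".
```nix
systemd.socketProviderUnit = lib.mkOption {
  # … unchanged: description, example …
  type = lib.types.nullOr lib.types.str;
  default = null;
};
# … unchanged: rest of options, head of config …
systemd.user.services.set-SSH_AUTH_SOCK = {
  Unit = {
    Description = "Sets SSH_AUTH_SOCK in the D-BUS daemon and systemd";
    Before = lib.optional (cfg.systemd.socketProviderUnit != null) cfg.systemd.socketProviderUnit;
  };
  # … unchanged: Service …
  Install.WantedBy = [ "default.target" ] ++ lib.optional (cfg.systemd.socketProviderUnit != null) cfg.systemd.socketProviderUnit;
};
```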
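Review bot: The oneshot is both `Before=` and `WantedBy=` the provider unit, and three of the providers set in this commit are `.socket` units; if systemd's default dependencies apply here (a service gains `After=basic.target`, a socket gains `Before=sockets.target`, and `basic.target` is after `sockets.target`), that looks like an ordering loop which systemd would resolve by silently dropping one edge — worth checking with `systemd-analyze --user verify` on a generated unit, and if confirmed, add `DefaultDependencies = false;` and an explicit `After = [ "dbus.socket" ];` to `Unit` so the push runs once the session bus socket exists. Separately, `Install.WantedBy` is written as a dotted path while `Unit` and `Service` beside it are nested sets; for a consistent shape write `Install = { WantedBy = [ "default.target" cfg.systemd.socketProviderUnit ]; };`. A one-line comment above the `dbus-update-activation-environment` call would also help, e.g. `# --systemd additionally imports the variable into the user manager, so units started later inherit it`.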
diff --git a/modules/services/proton-pass-agent.nix b/modules/services/proton-pass-agent.nix index 14bca6b56..ff2ab4184 100644 --- a/modules/services/proton-pass-agent.nix +++ b/modules/services/proton-pass-agent.nix @@ -86,6 +86,7 @@ in ''$"($env.XDG_RUNTIME_DIR)/${cfg.socket}"'' }"; }; + systemd.socketProviderUnit = "proton-pass-agent.service"; }; systemd.user.services.proton-pass-agent = { diff --git a/modules/services/ssh-agent.nix b/modules/services/ssh-agent.nix index 34c0aa9ba..348a301ed 100644 --- a/modules/services/ssh-agent.nix +++ b/modules/services/ssh-agent.nix @@ -80,6 +80,7 @@ in ''$"($env.XDG_RUNTIME_DIR)/${cfg.socket}"'' }"; }; + systemd.socketProviderUnit = "ssh-agent.service"; }; systemd.user.services.ssh-agent = { diff --git a/modules/services/ssh-tpm-agent.nix b/modules/services/ssh-tpm-agent.nix index 937721469..245b3753d 100644 --- a/modules/services/ssh-tpm-agent.nix +++ b/modules/services/ssh-tpm-agent.nix @@ -80,6 +80,7 @@ in fish = ''set -x SSH_AUTH_SOCK "$XDG_RUNTIME_DIR/ssh-tpm-agent.sock"''; nushell = ''$env.SSH_AUTH_SOCK = $"($env.XDG_RUNTIME_DIR)/ssh-tpm-agent.sock"''; }; + systemd.socketProviderUnit = lib.mkOverride 90 "ssh-tpm-agent.socket"; }; systemd.user = { diff --git a/modules/services/yubikey-agent.nix b/modules/services/yubikey-agent.nix index 1fe0bdbb0..9df45903a 100644 --- a/modules/services/yubikey-agent.nix +++ b/modules/services/yubikey-agent.nix @@ -42,6 +42,7 @@ in ''$"($env.XDG_RUNTIME_DIR | default $"/run/user/(id -u)")/yubikey-agent/yubikey-agent.sock"'' }"; }; + systemd.socketProviderUnit = "yubikey-agent.socket"; }; systemd.user.services.yubikey-agent = { diff --git a/tests/modules/misc/ssh-auth-sock/disabled.nix b/tests/modules/misc/ssh-auth-sock/disabled.nix index 5748c00ac..d7223b595 100644 --- a/tests/modules/misc/ssh-auth-sock/disabled.nix +++ b/tests/modules/misc/ssh-auth-sock/disabled.nix 
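Review bot: The `lib.mkOverride 90` on `systemd.socketProviderUnit` in `ssh-tpm-agent.nix` is the only non-default priority among the five agent modules and carries no explanation; a priority below the default 100 makes this definition win over another module's plain assignment instead of raising a conflict, which presumably is meant for running ssh-tpm-agent alongside `services.ssh-agent`, but a reader cannot tell. Add a comment such as `# Priority 90 so this definition takes precedence over other agent modules that set the option at the default priority — confirm which co-enabled agents this is meant to cover`. The other four modules set the option at default priority, so enabling any two of them still conflicts; if that is acceptable, say so in the option description.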
@@ -19,5 +19,7 @@ assertFileNotRegex \ home-files/.zshenv \ 'SSH_AUTH_SOCK' + + assertPathNotExists home-files/.config/systemd/user/set-SSH_AUTH_SOCK.service ''; } diff --git a/tests/modules/misc/ssh-auth-sock/enabled.nix b/tests/modules/misc/ssh-auth-sock/enabled.nix index ff1c14ce2..8ebe0029e 100644 --- a/tests/modules/misc/ssh-auth-sock/enabled.nix +++ b/tests/modules/misc/ssh-auth-sock/enabled.nix @@ -1,3 +1,5 @@ +{ config, lib, ... }: + { programs.bash.enable = true; programs.fish.enable = true; @@ -11,6 +13,7 @@ fish = "echo fish"; nushell = "echo nushell"; }; + systemd.socketProviderUnit = "foo.socket"; }; nmt.script = '' @@ -26,5 +29,10 @@ assertFileContains \ home-files/.zshenv \ 'if [ -z "$SSH_AUTH_SOCK" -o -z "$SSH_CONNECTION" ]; then' + '' + + lib.optionalString config.systemd.user.enable '' + assertFileExists home-files/.config/systemd/user/set-SSH_AUTH_SOCK.service + assertFileContains home-files/.config/systemd/user/set-SSH_AUTH_SOCK.service 'Before=foo.socket' + assertFileContains home-files/.config/systemd/user/set-SSH_AUTH_SOCK.service 'WantedBy=foo.socket' ''; }
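Review bot: The new assertions in `enabled.nix` check `Before=foo.socket` and `WantedBy=foo.socket` but not the other half of the generated unit: that the service is also pulled in by `default.target` and that `ExecStart` actually invokes the D-Bus push. Adding `assertFileContains home-files/.config/systemd/user/set-SSH_AUTH_SOCK.service 'WantedBy=default.target'` and an `assertFileRegex` on the `ExecStart=` line for `dbus-update-activation-environment --systemd SSH_AUTH_SOCK` would pin the behaviour the module hunk introduces. The `lib.optionalString config.systemd.user.enable` guard correctly skips the checks where no user manager exists; a short comment stating that is why the guard is there would save the next reader a lookup.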