diff --git a/modules/default.nix b/modules/default.nix
index dde28965..5ca17e07 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -4,6 +4,7 @@
     ./docker-desktop.nix
     ./interop.nix
     ./recovery.nix
+    ./ssh-agent.nix
     ./systemd
     ./usbip.nix
     ./version.nix
diff --git a/modules/ssh-agent.nix b/modules/ssh-agent.nix
new file mode 100644
index 00000000..d0b0d1f7
--- /dev/null
+++ b/modules/ssh-agent.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.wsl.ssh-agent;
+in
+{
+  options.wsl.ssh-agent = {
+    enable = lib.mkEnableOption "ssh-agent passthrough to Windows";
+  };
+
+  config = lib.mkIf (config.wsl.enable && cfg.enable) {
+    systemd.user.services.wsl2-ssh-agent = {
+      description = "WSL2 SSH Agent Bridge";
+      after = [ "network.target" ];
+      wantedBy = [ "default.target" ];
+      unitConfig = {
+        ConditionUser = "!root";
+      };
+      serviceConfig = {
+        ExecStart = "${pkgs.wsl2-ssh-agent}/bin/wsl2-ssh-agent --verbose --foreground --socket=%t/wsl2-ssh-agent.sock";
+        Restart = "on-failure";
+      };
+    };
+
+    environment.variables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/wsl2-ssh-agent.sock";
+  };
+}