diff --git a/modules/services/ssh-agent.nix b/modules/services/ssh-agent.nix
index 1dabb60c..8bcbbcdf 100644
--- a/modules/services/ssh-agent.nix
+++ b/modules/services/ssh-agent.nix
@@ -4,10 +4,8 @@
   pkgs,
   ...
 }:
-
 let
   cfg = config.services.ssh-agent;
-
 in
 {
   meta.maintainers = [
@@ -28,6 +26,15 @@ in
         The agent's socket; interpreted as a suffix to {env}`$XDG_RUNTIME_DIR`.
       '';
     };
+
+    defaultMaximumIdentityLifetime = lib.mkOption {
+      type = lib.types.nullOr lib.types.ints.positive;
+      default = null;
+      example = 3600;
+      description = ''
+        Set a default value for the maximum lifetime in seconds of identities added to the agent.
+      '';
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -47,7 +54,11 @@ in
         Description = "SSH authentication agent";
         Documentation = "man:ssh-agent(1)";
       };
-      Service.ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}";
+      Service.ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
+        lib.optionalString (
+          cfg.defaultMaximumIdentityLifetime != null
+        ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
+      }";
     };
   };
 }
diff --git a/tests/modules/services/ssh-agent/default.nix b/tests/modules/services/ssh-agent/default.nix
index 66754c04..247d2a88 100644
--- a/tests/modules/services/ssh-agent/default.nix
+++ b/tests/modules/services/ssh-agent/default.nix
@@ -1,5 +1,9 @@
-{ lib, pkgs, ... }:
-
+{
+  lib,
+  pkgs,
+  ...
+}:
 lib.optionalAttrs pkgs.stdenv.hostPlatform.isLinux {
   ssh-agent-basic-service = ./basic-service.nix;
+  ssh-agent-timeout-service = ./timeout-service.nix;
 }
diff --git a/tests/modules/services/ssh-agent/timeout-service-expected.service b/tests/modules/services/ssh-agent/timeout-service-expected.service
new file mode 100644
index 00000000..ce16f584
--- /dev/null
+++ b/tests/modules/services/ssh-agent/timeout-service-expected.service
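Review bot: The description of the new `defaultMaximumIdentityLifetime` option in the second hunk does not tell the user that this is only a default and that the unset value means identities never expire, which is exactly what someone enabling it as a security control needs to know. According to ssh-agent(1) (worth confirming against the packaged OpenSSH version), a lifetime passed explicitly to `ssh-add -t` overrides the agent's `-t` default, so this option cannot enforce an upper bound on its own. Suggest extending the description with: `A lifetime given explicitly to {command}`ssh-add -t` overrides this value; when unset, identities stay loaded until they are removed or the agent exits.` It may also be worth a sentence noting that only whole seconds are accepted here even though ssh-agent's `-t` also takes sshd_config(5) time formats such as `1h`, so readers do not assume the option is broken when `"1h"` is rejected by the type.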
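Review bot: The new `Service.ExecStart` in the third hunk nests a multi-line `lib.optionalString` inside a string interpolation, which is hard to read and gets worse with every further flag; building the argument list and joining it yields the identical string (`… -D -a %t/ssh-agent -t 1337`, matching the test fixture) and reads more clearly. Because the option type is `ints.positive`, the interpolated `-t` value can never contain whitespace or quotes, so the added text introduces no systemd quoting concern; the pre-existing unescaped `%t/${cfg.socket}` is unchanged by this commit and not re-raised here. The enclosing `config = lib.mkIf cfg.enable { … }` attribute set starts outside this hunk.
```nix
      Service.ExecStart = lib.concatStringsSep " " (
        [
          (lib.getExe' cfg.package "ssh-agent")
          "-D"
          "-a"
          "%t/${cfg.socket}"
        ]
        ++ lib.optionals (cfg.defaultMaximumIdentityLifetime != null) [
          "-t"
          (toString cfg.defaultMaximumIdentityLifetime)
        ]
      );
```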
@@ -0,0 +1,9 @@
+[Install]
+WantedBy=default.target
+
+[Service]
+ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent -t 1337
+
+[Unit]
+Description=SSH authentication agent
+Documentation=man:ssh-agent(1)
diff --git a/tests/modules/services/ssh-agent/timeout-service.nix b/tests/modules/services/ssh-agent/timeout-service.nix
new file mode 100644
index 00000000..99f4cf8b
--- /dev/null
+++ b/tests/modules/services/ssh-agent/timeout-service.nix
@@ -0,0 +1,12 @@
+{
+  services.ssh-agent = {
+    enable = true;
+    defaultMaximumIdentityLifetime = 1337;
+  };
+
+  nmt.script = ''
+    assertFileContent \
+      home-files/.config/systemd/user/ssh-agent.service \
+      ${./timeout-service-expected.service}
+  '';
+}