diff --git a/modules/services/ssh-tpm-agent.nix b/modules/services/ssh-tpm-agent.nix
index 6ebe4da4..e7e7f936 100644
--- a/modules/services/ssh-tpm-agent.nix
+++ b/modules/services/ssh-tpm-agent.nix
@@ -41,30 +41,43 @@ in
 home.packages = [ cfg.package ];
- systemd.user = {
- services.ssh-tpm-agent = {
- Unit = {
- Description = "ssh-tpm-agent service";
- Documentation = "https://github.com/Foxboron/ssh-tpm-agent";
- Requires = "ssh-tpm-agent.socket";
- After = "ssh-tpm-agent.socket";
- RefuseManualStart = true;
- };
+ home.sessionVariables = {
+ # Override ssh-agent's $SSH_AUTH_SOCK definition since ssh-tpm-agent is a
+ # proxy to it.
+ SSH_AUTH_SOCK = lib.mkOverride 90 "$XDG_RUNTIME_DIR/ssh-tpm-agent.sock";
+ SSH_TPM_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-tpm-agent.sock";
+ };
- Service = {
- Type = "simple";
- SuccessExitStatus = 2;
- ExecStart = "${lib.getExe cfg.package} -l %t/ssh-tpm-agent.sock${
- lib.optionalString (cfg.keyDir != null) " --key-dir ${cfg.keyDir}"
- }";
- Environment = [
- "SSH_TPM_AUTH_SOCK=%t/ssh-tpm-agent.sock"
- ];
- PassEnvironment = [
- "SSH_AGENT_PID"
- ];
- };
- };
+ systemd.user = {
+ services.ssh-tpm-agent = lib.mkMerge [
+ {
+ Unit = {
+ Description = "ssh-tpm-agent service";
+ Documentation = "https://github.com/Foxboron/ssh-tpm-agent";
+ Requires = [ "ssh-tpm-agent.socket" ];
+ After = [ "ssh-tpm-agent.socket" ];
+ RefuseManualStart = true;
+ };
+ Service = {
+ Environment = "SSH_TPM_AUTH_SOCK=%t/ssh-tpm-agent.sock";
+ ExecStart =
+ let
+ inherit (config.services) ssh-agent;
+ in
+ "${lib.getExe cfg.package} -l %t/ssh-tpm-agent.sock" + lib.optionalString (cfg.keyDir != null) " --key-dir ${cfg.keyDir}" + lib.optionalString ssh-agent.enable " -A %t/${ssh-agent.socket}";
+ SuccessExitStatus = 2;
+ Type = "simple";
+ };
+ }
+ (mkIf config.services.ssh-agent.enable {
+ Unit = {
+ BindsTo = [ "ssh-agent.service" ];
+ After = [ "ssh-agent.service" ];
+ };
+ })
+ ];
 sockets.ssh-tpm-agent = {
 Unit = {
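Review bot: The new `SSH_AUTH_SOCK = lib.mkOverride 90 "$XDG_RUNTIME_DIR/ssh-tpm-agent.sock"` drops the `${XDG_RUNTIME_DIR:-/run/user/$UID}` fallback the removed definition carried, so in a session where XDG_RUNTIME_DIR is unset (su, cron, some display managers) the variable would expand to `/ssh-tpm-agent.sock` and ssh would quietly run without any agent; if the fallback was dropped deliberately to match the ssh-agent module's `$XDG_RUNTIME_DIR/...` form, the comment should say so, otherwise keep it. The bare priority number also deserves a why-comment, e.g. `# 90 beats the ssh-agent module's plain definition (priority 100) but still yields to mkForce (50).` Note that the `-A` proxy flag is only appended when `ssh-agent.enable` is set, while the session variable override is unconditional, which is fine but worth a line in the comment so nobody "fixes" the asymmetry. The enclosing attrset continues past the hunk (`sockets.ssh-tpm-agent` is cut off).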
@@ -85,10 +98,5 @@ in
 };
 };
 };
-
- home.sessionVariables = {
- SSH_AUTH_SOCK = "\${XDG_RUNTIME_DIR:-/run/user/$UID}/ssh-tpm-agent.sock";
- SSH_TPM_AUTH_SOCK = "\${XDG_RUNTIME_DIR:-/run/user/$UID}/ssh-tpm-agent.sock";
- };
 };
 }
diff --git a/tests/modules/services/ssh-tpm-agent/as-ssh-agent-proxy.nix b/tests/modules/services/ssh-tpm-agent/as-ssh-agent-proxy.nix
new file mode 100644
index 00000000..7ec01ec9
--- /dev/null
+++ b/tests/modules/services/ssh-tpm-agent/as-ssh-agent-proxy.nix
@@ -0,0 +1,50 @@
+{ config, ... }:
+
+{
+ services.ssh-agent.enable = true;
+ services.ssh-tpm-agent = {
+ enable = true;
+ package = config.lib.test.mkStubPackage { outPath = "@ssh-tpm-agent@"; };
+ };
+
+ nmt.script = ''
+ serviceFile=home-files/.config/systemd/user/ssh-tpm-agent.service
+ socketFile=home-files/.config/systemd/user/ssh-tpm-agent.socket
+
+ assertFileExists $serviceFile
+ assertFileExists $socketFile
+
+ assertFileContent $serviceFile ${builtins.toFile "expected-service" ''
+ [Service]
+ Environment=SSH_TPM_AUTH_SOCK=%t/ssh-tpm-agent.sock
+ ExecStart=@ssh-tpm-agent@/bin/dummy -l %t/ssh-tpm-agent.sock -A %t/ssh-agent
+ SuccessExitStatus=2
+ Type=simple
+
+ [Unit]
+ After=ssh-tpm-agent.socket
+ After=ssh-agent.service
+ BindsTo=ssh-agent.service
+ Description=ssh-tpm-agent service
+ Documentation=https://github.com/Foxboron/ssh-tpm-agent
+ RefuseManualStart=yes
+ Requires=ssh-tpm-agent.socket
+ ''}
+
+ assertFileContent $socketFile ${builtins.toFile "expected-socket" ''
+ [Install]
+ WantedBy=sockets.target
+
+ [Socket]
+ DirectoryMode=0700
+ ListenStream=%t/ssh-tpm-agent.sock
+ RuntimeDirectory=ssh-tpm-agent
+ Service=ssh-tpm-agent.service
+ SocketMode=0600
+
+ [Unit]
+ Description=SSH TPM agent socket
+ Documentation=https://github.com/Foxboron/ssh-tpm-agent
+ ''}
+ '';
+}
diff --git a/tests/modules/services/ssh-tpm-agent/default.nix b/tests/modules/services/ssh-tpm-agent/default.nix
index d8dfbae7..a36505d0 100644
--- a/tests/modules/services/ssh-tpm-agent/default.nix
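Review bot: The new proxy test pins the unit and socket files but not the half of the change that actually redirects ssh clients: the `lib.mkOverride 90` on `SSH_AUTH_SOCK`, which is what makes ssh-tpm-agent's socket win over the ssh-agent module's own definition when both are enabled. Add an assertion on the generated session-variables file, presumably `assertFileContains home-path/etc/profile.d/hm-session-vars.sh 'export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-tpm-agent.sock"'` (exact quoting to be checked against the generator), so that a later priority change in either module is caught rather than silently pointing clients at the plain agent. Asserting `SSH_TPM_AUTH_SOCK` the same way costs one more line. The `SocketMode=0600` / `DirectoryMode=0700` expectations are the right thing to keep pinned, since the socket fronts TPM-backed keys.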
+++ b/tests/modules/services/ssh-tpm-agent/default.nix
@@ -1,5 +1,6 @@
 { lib, pkgs, ... }:
 lib.optionalAttrs pkgs.stdenv.hostPlatform.isLinux {
- ssh-tpm-agent = ./service.nix;
+ ssh-tpm-agent-standalone = ./standalone.nix;
+ ssh-tpm-agent-as-ssh-agent-proxy = ./as-ssh-agent-proxy.nix;
 }
diff --git a/tests/modules/services/ssh-tpm-agent/service.nix b/tests/modules/services/ssh-tpm-agent/standalone.nix
similarity index 97%
rename from tests/modules/services/ssh-tpm-agent/service.nix
rename to tests/modules/services/ssh-tpm-agent/standalone.nix
index 1b708863..a06aac24 100644
--- a/tests/modules/services/ssh-tpm-agent/service.nix
+++ b/tests/modules/services/ssh-tpm-agent/standalone.nix
@@ -17,7 +17,6 @@
 [Service]
 Environment=SSH_TPM_AUTH_SOCK=%t/ssh-tpm-agent.sock
 ExecStart=@ssh-tpm-agent@/bin/dummy -l %t/ssh-tpm-agent.sock
- PassEnvironment=SSH_AGENT_PID
 SuccessExitStatus=2
 Type=simple