The best way I am aware of is to use a PAM login script I adapted from previous work because I couldn't find a satisfying answer in this question.

Your passphrase gets stored encrypted with your system password and a heavy derivation function. At login, your system password is used to decrypt your passphrase and add it to the agent.

https://github.com/capocasa/systemd-user-pam-ssh

The best way I am aware of is to use a PAM login script I adapted from previous work because I couldn't find a satisfying answer in this question.

Your passphrase gets stored encrypted with your system password and a heavy derivation function. At login, your system password is used to decrypt your passphrase and add it to the agent.

https://github.com/capocasa/systemd-user-pam-ssh

The advantage over every other solution presented is that it combines security equivalent to running ssh-add manually at boot with zero effort. It requires no extra tools and has one extra dependency that's already installed by default on most systems (OpenSSL).