diff --git a/hosts/common/fs.nix b/hosts/common/fs.nix
index 6fb28cc3..b691ffa2 100644
--- a/hosts/common/fs.nix
+++ b/hosts/common/fs.nix
@@ -5,25 +5,6 @@
 { lib, pkgs, sane-lib, ... }:
 
 let
-  curlftpfs = pkgs.curlftpfs.overrideAttrs (upstream: {
-    # my fork includes:
-    # - per-operation timeouts (CURLOPT_TIMEOUT; would use CURLOPT_LOW_SPEED_TIME/CURLOPT_LOW_SPEED_LIMIT but they don't apply)
-    # - support for "meta" keys found in /etc/fstab
-    src = pkgs.fetchFromGitea {
-      domain = "git.uninsane.org";
-      owner = "colin";
-      repo = "curlftpfs";
-      rev = "a413f331263e8818229f20266f3a5bf6fac3ad4d";
-      hash = "sha256-nLJEKeXIZ0FpveiOf8HjOLkrgdoiT2/XyQDo8Cfj8BQ=";
-    };
-    # `mount` clears PATH before calling the mount helper (see util-linux/lib/env.c),
-    # so the traditional /etc/fstab approach of fstype=fuse and device = curlftpfs#URI doesn't work.
-    # instead, install a `mount.curlftpfs` mount helper. this is what programs like `gocryptfs` do.
-    postInstall = (upstream.postInstall or "") + ''
-      ln -s curlftpfs $out/bin/mount.fuse.curlftpfs
-      ln -s curlftpfs $out/bin/mount.curlftpfs
-    '';
-  });
   fsOpts = rec {
     common = [
       "_netdev"
@@ -218,10 +199,9 @@ lib.mkMerge [
     # ];
 
     programs.fuse.userAllowOther = true;  #< necessary for `allow_other` or `allow_root` options.
-    environment.systemPackages = [
-      pkgs.sshfs-fuse
-      curlftpfs
-    ];
+
+    sane.programs.curlftpfs.enableFor.system = true;
+    sane.programs.sshfs-fuse.enableFor.system = true;
   }
 
   (remoteHome "desko")
diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 0842d127..f55a51c4 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -821,6 +821,8 @@ in
 
     sqlite = {};
 
+    sshfs-fuse = {};  # used by fs.nix
+
     strace.sandbox.enable = false;  #< needs to `exec` its args, and therefore support *anything*
 
     subversion.sandbox.method = "bwrap";
diff --git a/hosts/common/programs/curlftpfs.nix b/hosts/common/programs/curlftpfs.nix
new file mode 100644
index 00000000..fb0454e5
--- /dev/null
+++ b/hosts/common/programs/curlftpfs.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+  sane.programs.curlftpfs = {
+    packageUnwrapped = pkgs.curlftpfs.overrideAttrs (upstream: {
+      # my fork includes:
+      # - per-operation timeouts (CURLOPT_TIMEOUT; would use CURLOPT_LOW_SPEED_TIME/CURLOPT_LOW_SPEED_LIMIT but they don't apply)
+      # - support for "meta" keys found in /etc/fstab
+      src = pkgs.fetchFromGitea {
+        domain = "git.uninsane.org";
+        owner = "colin";
+        repo = "curlftpfs";
+        rev = "a413f331263e8818229f20266f3a5bf6fac3ad4d";
+        hash = "sha256-nLJEKeXIZ0FpveiOf8HjOLkrgdoiT2/XyQDo8Cfj8BQ=";
+      };
+      # `mount` clears PATH before calling the mount helper (see util-linux/lib/env.c),
+      # so the traditional /etc/fstab approach of fstype=fuse and device = curlftpfs#URI doesn't work.
+      # instead, install a `mount.curlftpfs` mount helper. this is what programs like `gocryptfs` do.
+      postInstall = (upstream.postInstall or "") + ''
+        ln -s curlftpfs $out/bin/mount.fuse.curlftpfs
+        ln -s curlftpfs $out/bin/mount.curlftpfs
+      '';
+    });
+  };
+}
diff --git a/hosts/common/programs/default.nix b/hosts/common/programs/default.nix
index 3e8120f9..2de3f328 100644
--- a/hosts/common/programs/default.nix
+++ b/hosts/common/programs/default.nix
@@ -21,6 +21,7 @@
     ./chatty.nix
     ./conky
     ./cozy.nix
+    ./curlftpfs.nix
     ./dconf.nix
     ./deadd-notification-center
     ./dialect.nix