diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix index 68b8fce9..127c35db 100644 --- a/hosts/common/programs/assorted.nix +++ b/hosts/common/programs/assorted.nix @@ -951,33 +951,6 @@ in wl-clipboard.sandbox.wrapperType = "wrappedDerivation"; wl-clipboard.sandbox.whitelistWayland = true; - xdg-desktop-portal-gtk.sandbox.method = "bwrap"; - xdg-desktop-portal-gtk.sandbox.wrapperType = "inplace"; - xdg-desktop-portal-gtk.sandbox.whitelistDbus = [ "user" ]; # speak to main xdg-desktop-portal - xdg-desktop-portal-gtk.sandbox.whitelistWayland = true; - xdg-desktop-portal-gtk.sandbox.extraHomePaths = [ - ".local/share/applications" # file opener needs to find .desktop files, for their icon/name. - # for file-chooser portal users (fractal, firefox, ...), need to provide anything they might want. - # i think (?) portal users can only access the files here interactively, i.e. by me interacting with the portal's visual filechooser, - # so shoving stuff here is trusting the portal but not granting any trust to the portal user. - "Books" - "Music" - "Pictures" - "Pictures/servo-macros" - "Videos" - "Videos/servo" - "archive" - "dev" - "ref" - "tmp" - "use" - ]; - - xdg-desktop-portal-wlr.sandbox.method = "bwrap"; # TODO:sandbox: untested - xdg-desktop-portal-wlr.sandbox.wrapperType = "inplace"; - xdg-desktop-portal-wlr.sandbox.whitelistDbus = [ "user" ]; # speak to main xdg-desktop-portal - xdg-desktop-portal-wlr.sandbox.whitelistWayland = true; - xdg-terminal-exec.sandbox.enable = false; # xdg-terminal-exec is a launcher for $TERM xterm.sandbox.enable = false; # need to be able to do everything diff --git a/hosts/common/programs/xdg-desktop-portal-gtk.nix b/hosts/common/programs/xdg-desktop-portal-gtk.nix index 25a62bdf..145f0744 100644 --- a/hosts/common/programs/xdg-desktop-portal-gtk.nix +++ b/hosts/common/programs/xdg-desktop-portal-gtk.nix 
@@ -1,13 +1,52 @@ -{ config, ... }: +{ config, pkgs, ... }: let cfg = config.sane.programs.xdg-desktop-portal-gtk; in { sane.programs.xdg-desktop-portal-gtk = { + # rmDbusServices: because we care about ordering with the rest of the desktop, and don't want something else to auto-start this. + packageUnwrapped = pkgs.rmDbusServicesInPlace pkgs.xdg-desktop-portal-gtk; + + sandbox.method = "bwrap"; + sandbox.wrapperType = "inplace"; + sandbox.whitelistDbus = [ "user" ]; # speak to main xdg-desktop-portal + sandbox.whitelistWayland = true; + sandbox.extraHomePaths = [ + ".local/share/applications" # file opener needs to find .desktop files, for their icon/name. + # for file-chooser portal users (fractal, firefox, ...), need to provide anything they might want. + # i think (?) portal users can only access the files here interactively, i.e. by me interacting with the portal's visual filechooser, + # so shoving stuff here is trusting the portal but not granting any trust to the portal user. + "Books" + "Music" + "Pictures" + "Pictures/servo-macros" + "Videos" + "Videos/servo" + "archive" + "dev" + "ref" + "tmp" + "use" + ]; + fs.".config/xdg-desktop-portal/portals/gtk.portal".symlink.target = "${cfg.package}/share/xdg-desktop-portal/portals/gtk.portal"; # XXX: overcome bug when manually setting `$XDG_DESKTOP_PORTAL_DIR` # which causes *.portal files to be looked for in the toplevel instead of under `portals/` fs.".config/xdg-desktop-portal/gtk.portal".symlink.target = "portals/gtk.portal"; + + services.xdg-desktop-portal-gtk = { + description = "xdg-desktop-portal-gtk backend (provides graphical dialogs for xdg-desktop-portal)"; + after = [ "graphical-session.target" ]; + before = [ "xdg-desktop-portal.service" ]; + wantedBy = [ "xdg-desktop-portal.service" ]; + + serviceConfig = { + ExecStart="${cfg.package}/libexec/xdg-desktop-portal-gtk"; + Type = "simple"; + Restart = "always"; + RestartSec = "10s"; + }; + }; }; } 
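Review bot: `Type = "simple";` in the new `services.xdg-desktop-portal-gtk.serviceConfig` does not deliver the ordering this commit is after. Assuming `serviceConfig` is passed through to a systemd user unit, a simple service counts as started once the process is spawned, so `before = [ "xdg-desktop-portal.service" ]` can release the frontend before the backend owns its bus name. Because `rmDbusServicesInPlace` strips the D-Bus activation files, nothing else will start the backend if the frontend calls it in that window or during the 10s `RestartSec` gap. Upstream's unit uses `Type = "dbus";` with `BusName = "org.freedesktop.impl.portal.desktop.gtk";`, which makes systemd wait for the name to be acquired. The same applies to the wlr unit in hosts/common/programs/xdg-desktop-portal-wlr.nix, with `org.freedesktop.impl.portal.desktop.wlr`.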
diff --git a/hosts/common/programs/xdg-desktop-portal-wlr.nix b/hosts/common/programs/xdg-desktop-portal-wlr.nix index 5a48f761..32538ce4 100644 --- a/hosts/common/programs/xdg-desktop-portal-wlr.nix +++ b/hosts/common/programs/xdg-desktop-portal-wlr.nix @@ -1,13 +1,35 @@ -{ config, ... }: +{ config, pkgs, ... }: let cfg = config.sane.programs.xdg-desktop-portal-wlr; in { sane.programs.xdg-desktop-portal-wlr = { + # rmDbusServices: because we care about ordering with the rest of the desktop, and don't want something else to auto-start this. + packageUnwrapped = pkgs.rmDbusServicesInPlace pkgs.xdg-desktop-portal-wlr; + + sandbox.method = "bwrap"; # TODO:sandbox: untested + sandbox.wrapperType = "inplace"; + sandbox.whitelistDbus = [ "user" ]; # speak to main xdg-desktop-portal + sandbox.whitelistWayland = true; + fs.".config/xdg-desktop-portal/portals/wlr.portal".symlink.target = "${cfg.package}/share/xdg-desktop-portal/portals/wlr.portal"; # XXX: overcome bug when manually setting `$XDG_DESKTOP_PORTAL_DIR` # which causes *.portal files to be looked for in the toplevel instead of under `portals/` fs.".config/xdg-desktop-portal/wlr.portal".symlink.target = "portals/wlr.portal"; + + services.xdg-desktop-portal-wlr = { + description = "xdg-desktop-portal-wlr backend (provides screenshot functionality for xdg-desktop-portal)"; + after = [ "graphical-session.target" ]; + before = [ "xdg-desktop-portal.service" ]; + wantedBy = [ "xdg-desktop-portal.service" ]; + + serviceConfig = { + ExecStart="${cfg.package}/libexec/xdg-desktop-portal-wlr"; + Type = "simple"; + Restart = "always"; + RestartSec = "10s"; + }; + }; }; }
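Review bot: `sandbox.method = "bwrap"; # TODO:sandbox: untested` is still marked untested, yet this hunk makes the sandboxed binary the only way the wlr backend can start, since D-Bus activation is removed via `rmDbusServicesInPlace` and the new unit sets `Restart = "always"`. If the bwrap profile is too narrow, the likely symptom is a quiet 10-second restart loop and failing screenshot or screencast requests rather than an obvious error. The visible options whitelist only Wayland and the user bus, and xdg-desktop-portal-wlr uses PipeWire for screencasts, so that path should be exercised inside the sandbox (the hunk does not show what else the wrapper exposes). Once tested, replace the marker with a comment recording what was verified, for example `# sandbox: screenshot tested; screencast untested`.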