Espanso daemon problem

Hi!

I try to install espanso.
First, I enabled the dedicated service with services.espanso.enable = true. But I use wayland and this service seems to be for X11.
I added espanso-wayland in my systemPackages and imported this expanso.nix file :

{ config, lib, pkgs, ... }:

{
  systemd.services.espanso = {
    description = "ESPANSO";
    after = [ "syslog.target" "network.target" ];
    wantedBy = [ "default.target" ];

    serviceConfig = {
      ExecStart = "${pkgs.espanso-wayland}/bin/espanso daemon";
      Type = "simple";
      Restart = "always";
      RestartSec = 3;
      User = "manu";
      Group = "users";
      CapabilityBoundingSet = "CAP_DAC_OVERRIDE";
      AmbientCapabilities = "CAP_DAC_OVERRIDE";
    };
 };

 systemd.services.espanso.enable = true;
}

But it still doesn’t work

systemctl status espanso return this :

espanso.service - ESPANSO
     Loaded: loaded (/etc/systemd/system/espanso.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sat 2023-11-11 01:05:59 CET; 37min ago
   Duration: 48ms
    Process: 227636 ExecStart=/nix/store/p9k8cn912336wfqrmv37f71bv4fiy97b-espanso-2.1.8/bin/espanso daemon (code=exited, status=101)
   Main PID: 227636 (code=exited, status=101)
         IP: 0B in, 0B out
        CPU: 47ms

What I get with espanso log or espanso daemon :

01:45:17 [daemon(251647)] [INFO] reading configs from: "/home/manu/.config/espanso"
01:45:17 [daemon(251647)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
01:45:17 [daemon(251647)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
01:45:17 [daemon(251647)] [INFO] system info: NixOS v23.05 - kernel: 6.1.61
01:45:17 [daemon(251647)] [WARN] keyboard layout watcher couldn't determine active layout.
01:45:17 [daemon(251647)] [INFO] watching for changes in path: "/home/manu/.config/espanso"
01:45:17 [daemon(251647)] [INFO] espanso version: 2.1.8
01:45:17 [daemon(251647)] [INFO] spawning the worker process...
01:45:17 [daemon(251647)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansodaemonv2.sock
01:45:17 [worker(251653)] [INFO] reading configs from: "/home/manu/.config/espanso"
01:45:17 [worker(251653)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
01:45:17 [worker(251653)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
01:45:17 [worker(251653)] [INFO] system info: NixOS v23.05 - kernel: 6.1.61
01:45:17 [worker(251653)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansoworkerv2.sock
01:45:17 [worker(251653)] [INFO] monitoring the status of the daemon process
01:45:17 [worker(251653)] [INFO] using WaylandAppInfoProvider
01:45:17 [worker(251653)] [WARN] EVDEV backend is being used, but without enabling linux capabilities.
01:45:17 [worker(251653)] [WARN]   Although you CAN run espanso EVDEV backend as root, it's not recommended due
01:45:17 [worker(251653)] [WARN]   to security reasons. Espanso supports linux capabilities to limit the attack surface
01:45:17 [worker(251653)] [WARN]   area by only leveraging on the CAP_DAC_OVERRIDE capability (needed to work with
01:45:17 [worker(251653)] [WARN]   /dev/input/* devices to detect and inject text) and disabling it as soon as the
01:45:17 [worker(251653)] [WARN]   initial setup is completed.
01:45:17 [worker(251653)] [INFO] detection module will use this keyboard layout: [R=, M=, L=fr, V=, O=]
01:45:17 [worker(251653)] [INFO] using EVDEVSource
01:45:17 [worker(251653)] [ERROR] Unable to open EVDEV devices, this usually has to do with permissions.
01:45:17 [worker(251653)] [ERROR] You can either add the current user to the 'input' group or run espanso as root
01:45:17 [worker(251653)] [ERROR] thread 'engine thread' panicked at 'failed to initialize detector module: detection source initialization failed': espanso/src/cli/worker/engine/mod.rs:139
01:45:17 [worker(251653)] [ERROR] Unable to block the LinuxEventLoop: receiving on an empty and disconnected channel
01:45:17 [worker(251653)] [ERROR] thread 'main' panicked at 'unable to run main eventloop: receiving on an empty and disconnected channel': espanso/src/cli/worker/mod.rs:160
01:45:17 [daemon(251647)] [ERROR] received unexpected exit code from worker 101, exiting

The problem seems to come from CAP_DAC_OVERRIDE. This is why I added CapabilityBoundingSet and AmbientCapabilities to the systemd service.
But I’m not sure I should add this capabilities to the daemon worker. Maybe I should add this to the espanso executable instead. Not sure. I tried sudo setcap "cap_dac_override+p" $(which espanso) but don’t work.

I don’t know exactly what I’m doing. Just hacking.
Why EVDEV don’t want to be used ?
If someone get an idea about my journey, I’ll take it !

As suggested by @gaelreyrol on matrix, I added my user in the input group with :
users.users.manu.extraGroups = [ "input" ];

I use id -nG manu to check my user is well in the group.

Still not working. I can’t trigger expansion. espanso status tell espanso is running.
My nix question is How to set the CAP_DAC_OVERRIDE capability ? Is my systemd.service not good ?

Here the espanso log output :

14:40:17 [daemon(22337)] [INFO] reading configs from: "/home/manu/.config/espanso"
14:40:17 [daemon(22337)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
14:40:17 [daemon(22337)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
14:40:17 [daemon(22337)] [INFO] system info: NixOS v23.05 - kernel: 6.1.63
14:40:17 [daemon(22337)] [INFO] watching for changes in path: "/home/manu/.config/espanso"
14:40:17 [daemon(22337)] [WARN] keyboard layout watcher couldn't determine active layout.
14:40:17 [daemon(22337)] [INFO] espanso version: 2.1.8
14:40:17 [daemon(22337)] [INFO] spawning the worker process...
14:40:17 [daemon(22337)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansodaemonv2.sock
14:40:17 [worker(22343)] [INFO] reading configs from: "/home/manu/.config/espanso"
14:40:17 [worker(22343)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
14:40:17 [worker(22343)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
14:40:17 [worker(22343)] [INFO] system info: NixOS v23.05 - kernel: 6.1.63
14:40:17 [worker(22343)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansoworkerv2.sock
14:40:17 [worker(22343)] [INFO] monitoring the status of the daemon process
14:40:17 [worker(22343)] [INFO] using WaylandAppInfoProvider
14:40:17 [worker(22343)] [WARN] EVDEV backend is being used, but without enabling linux capabilities.
14:40:17 [worker(22343)] [WARN]   Although you CAN run espanso EVDEV backend as root, it's not recommended due
14:40:17 [worker(22343)] [WARN]   to security reasons. Espanso supports linux capabilities to limit the attack surface
14:40:17 [worker(22343)] [WARN]   area by only leveraging on the CAP_DAC_OVERRIDE capability (needed to work with
14:40:17 [worker(22343)] [WARN]   /dev/input/* devices to detect and inject text) and disabling it as soon as the
14:40:17 [worker(22343)] [WARN]   initial setup is completed.
14:40:17 [worker(22343)] [INFO] detection module will use this keyboard layout: [R=, M=, L=fr, V=, O=]
14:40:17 [worker(22343)] [INFO] using EVDEVSource
14:40:17 [worker(22343)] [INFO] Querying modifier status...
23:03:14 [service(362360)] [INFO] reading configs from: "/home/manu/.config/espanso"
23:03:14 [service(362360)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
23:03:14 [service(362360)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
23:03:14 [service(362360)] [INFO] system info: NixOS v23.05 - kernel: 6.1.63
23:03:14 [service(362360)] [INFO] espanso is running

Hi,
I am trying to get version 2.2.1 to work, but I managed to hit the same road block.

Did you manage to find a solution?

Sorry, but no.
I didn’t find a solution and don’t know how and where to invest

I really need someone who master nixOS to point me a way to go…

perhaps you need also set something like this?

systemd.services.myService = {
  capabilities = [ "cap_dac_override=<whatever>" ];
};

This package is broken unfortunately.
espanso github issues has a number of nixos requests and the replies come back as the nix package needs attention
nix packages github has many issues that remain unanswered
I’ve been looking for many weeks for a workaround but no luck.
I’m yet to find any nix user that has espanso-wayland working. Suggestions are always appreciated. It’s just broken at the moment and needs coding attention (I wish I could help with code but alas … )

I’m not sure if Unusable in Wayland · Issue #1750 · espanso/espanso · GitHub is really fixed…

it isn’t and the code hasn’t seen any updates for quite a while

I just created a temporary workaround for espanso 2.2.1 that works on NixOs wayland. (hope you like it).

Thank you very much! I’ll try that the next time I’ll attempt to move to Wayland!

Your avatar confused the hell out of me .
I saw your post and thought: “WTF I can’t remember writing this at all and why is my username wrong?”

Hi! Thanks a lot @ingbarrozo to found a workaround for espanso.
I tried your code, but I got an error when switching nixos at this line https://github.com/ingbarrozo/espanso/blob/00c91924ddf91995c05bfad4bd2728482d5a59a4/default.nix#L46

I don’t use home manager.
I don’t know how or by what replacing this line. I’ve you got an idea ?

I think that by replacing line:
home.packages = [ config.programs.espanso.package ];
with line: users.users.“yourusername”.packages = [ config.programs.espanso.package ];
, could solve your problem.

let me know if that works.

hehehe, i think the name of the app is/was Androidify.

I created that avatar many years ago. (maybe 2012)

It works !
Awesome, thanks a lot for your help

Hm, for some reason I ran into Error: could not open uinput device, but I set the input group (see Error: could not open uinput device · Issue #1 · ingbarrozo/espanso · GitHub)

Hi there. I am trying to use the fix by @ingbarrozo and the build goes without a hitch. But when I try to follow the readme instructions where I register, then start the daemon with espanso start I get:

❯ espanso start
unable to start service: timed out
Hint: sometimes this happens because another Espanso process is left running for some reason.
      Please try running 'espanso restart' or manually killing all Espanso processes, then try again.

Ensured I was in the input group:

❯ getent group input
input:x:174:dustin

Then I check the logs with:

❯ sudo journalctl -xe
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [INFO] using runtime dir: "/home/dustin/.cache/espanso"
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [INFO] system info: NixOS v24.11 - kernel: 6.6.33
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [INFO] binded to IPC unix socket: /home/dustin/.cache/espanso/espansoworkerv2.sock
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [INFO] using WaylandAppInfoProvider
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [WARN] EVDEV backend is being used, but without enabling linux capabilities.
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [INFO] monitoring the status of the daemon process
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [WARN]   Although you CAN run espanso EVDEV backend as root, it's not recommended due
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [WARN]   to security reasons. Espanso supports linux capabilities to limit the attack surface
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [WARN]   area by only leveraging on the CAP_DAC_OVERRIDE capability (needed to work with
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [WARN]   /dev/input/* devices to detect and inject text) and disabling it as soon as the
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [WARN]   initial setup is completed.
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [WARN] unable to determine keyboard layout automatically, please explicitly specify it in the configuration.
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [INFO] using EVDEVSource
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [ERROR] Unable to open EVDEV devices, this usually has to do with permissions.
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [ERROR] You can either add the current user to the 'input' group or run espanso as root
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [ERROR] thread 'engine thread' panicked at 'failed to initialize detector module: detection source initialization failed': espanso/src/cli/worker/engine/mod.rs:140
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [ERROR] Unable to block the LinuxEventLoop: receiving on an empty and disconnected channel
Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [ERROR] thread 'main' panicked at 'unable to run main eventloop: receiving on an empty and disconnected channel': espanso/src/cli/worker/mod.rs:160
Jun 19 10:04:27 rembot .espanso-wrapped[158008]: 10:04:27 [daemon(158008)] [ERROR] received unexpected exit code from worker 101, exiting
Jun 19 10:04:27 rembot .espanso-wrapped[158001]: thread 'main' panicked at espanso/src/cli/launcher/mod.rs:213:45:
Jun 19 10:04:27 rembot .espanso-wrapped[158001]: failed to launch daemon: unexpected error, 'espanso daemon' returned a non-zero exit code.
Jun 19 10:04:27 rembot .espanso-wrapped[158001]: note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Jun 19 10:04:27 rembot systemd[6767]: espanso.service: Main process exited, code=exited, status=101/n/a
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ An ExecStart= process belonging to unit UNIT has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 101.
Jun 19 10:04:27 rembot systemd[6767]: espanso.service: Failed with result 'exit-code'.
░░ Subject: Unit failed

Found this interesting:

Jun 19 10:04:27 rembot .espanso-wrapped[158014]: 10:04:27 [worker(158014)] [ERROR] You can either add the current user to the 'input' group or run espanso as root

Fixed the keyboard warning as well.

But I also confirmed that above already.

So I tried (since espanso.service was referenced in journalctl output:

❯ sudo systemctl status espanso
Unit espanso.service could not be found.
❯ sudo systemctl status espanso --user
Failed to connect to bus: No medium found

Any ideas?

Every time I have an issue with the service (and don’t want to reboot, because that’s fixing the issue most of the time) I just kill every process of it and do a espanso start --unmanaged until the next reboot.

yeah, I found that the reboot was the solution. Now I am just trying to figure out why I get an “unknown” app showing (bug report here). It seems to have been fixed.

Now I will have a look at the workaround here to see if I can get a later version of espanso.

I also have a permanently open app (and started to live with it ).
I even have that on my Wayland build of the latest espanso 2.2.1 (nixcfg/apps/espanso/espanso.nix at 2c678ee8d2e203dd0585d2792269016df9920d0e · pbek/nixcfg · GitHub).