Hi!
I try to install espanso.
First, I enabled the dedicated service with services.espanso.enable = true
. But I use wayland and this service seems to be for X11.
I added espanso-wayland in my systemPackages
and imported this expanso.nix
file :
{ config, lib, pkgs, ... }:
{
systemd.services.espanso = {
description = "ESPANSO";
after = [ "syslog.target" "network.target" ];
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${pkgs.espanso-wayland}/bin/espanso daemon";
Type = "simple";
Restart = "always";
RestartSec = 3;
User = "manu";
Group = "users";
CapabilityBoundingSet = "CAP_DAC_OVERRIDE";
AmbientCapabilities = "CAP_DAC_OVERRIDE";
};
};
systemd.services.espanso.enable = true;
}
But it still doesn’t work
systemctl status espanso
return this :
espanso.service - ESPANSO
Loaded: loaded (/etc/systemd/system/espanso.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Sat 2023-11-11 01:05:59 CET; 37min ago
Duration: 48ms
Process: 227636 ExecStart=/nix/store/p9k8cn912336wfqrmv37f71bv4fiy97b-espanso-2.1.8/bin/espanso daemon (code=exited, status=101)
Main PID: 227636 (code=exited, status=101)
IP: 0B in, 0B out
CPU: 47ms
What I get with espanso log
or espanso daemon
:
01:45:17 [daemon(251647)] [INFO] reading configs from: "/home/manu/.config/espanso"
01:45:17 [daemon(251647)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
01:45:17 [daemon(251647)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
01:45:17 [daemon(251647)] [INFO] system info: NixOS v23.05 - kernel: 6.1.61
01:45:17 [daemon(251647)] [WARN] keyboard layout watcher couldn't determine active layout.
01:45:17 [daemon(251647)] [INFO] watching for changes in path: "/home/manu/.config/espanso"
01:45:17 [daemon(251647)] [INFO] espanso version: 2.1.8
01:45:17 [daemon(251647)] [INFO] spawning the worker process...
01:45:17 [daemon(251647)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansodaemonv2.sock
01:45:17 [worker(251653)] [INFO] reading configs from: "/home/manu/.config/espanso"
01:45:17 [worker(251653)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
01:45:17 [worker(251653)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
01:45:17 [worker(251653)] [INFO] system info: NixOS v23.05 - kernel: 6.1.61
01:45:17 [worker(251653)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansoworkerv2.sock
01:45:17 [worker(251653)] [INFO] monitoring the status of the daemon process
01:45:17 [worker(251653)] [INFO] using WaylandAppInfoProvider
01:45:17 [worker(251653)] [WARN] EVDEV backend is being used, but without enabling linux capabilities.
01:45:17 [worker(251653)] [WARN] Although you CAN run espanso EVDEV backend as root, it's not recommended due
01:45:17 [worker(251653)] [WARN] to security reasons. Espanso supports linux capabilities to limit the attack surface
01:45:17 [worker(251653)] [WARN] area by only leveraging on the CAP_DAC_OVERRIDE capability (needed to work with
01:45:17 [worker(251653)] [WARN] /dev/input/* devices to detect and inject text) and disabling it as soon as the
01:45:17 [worker(251653)] [WARN] initial setup is completed.
01:45:17 [worker(251653)] [INFO] detection module will use this keyboard layout: [R=, M=, L=fr, V=, O=]
01:45:17 [worker(251653)] [INFO] using EVDEVSource
01:45:17 [worker(251653)] [ERROR] Unable to open EVDEV devices, this usually has to do with permissions.
01:45:17 [worker(251653)] [ERROR] You can either add the current user to the 'input' group or run espanso as root
01:45:17 [worker(251653)] [ERROR] thread 'engine thread' panicked at 'failed to initialize detector module: detection source initialization failed': espanso/src/cli/worker/engine/mod.rs:139
01:45:17 [worker(251653)] [ERROR] Unable to block the LinuxEventLoop: receiving on an empty and disconnected channel
01:45:17 [worker(251653)] [ERROR] thread 'main' panicked at 'unable to run main eventloop: receiving on an empty and disconnected channel': espanso/src/cli/worker/mod.rs:160
01:45:17 [daemon(251647)] [ERROR] received unexpected exit code from worker 101, exiting
The problem seems to come from CAP_DAC_OVERRIDE
. This is why I added CapabilityBoundingSet
and AmbientCapabilities
to the systemd service.
But I’m not sure I should add this capabilities to the daemon worker. Maybe I should add this to the espanso executable instead. Not sure. I tried sudo setcap "cap_dac_override+p" $(which espanso)
but don’t work.
I don’t know exactly what I’m doing. Just hacking.
Why EVDEV don’t want to be used ?
If someone get an idea about my journey, I’ll take it !