Espanso daemon problem

Hi!

I'm trying to install espanso.
First, I enabled the dedicated service with services.espanso.enable = true. But I use Wayland and this service seems to be for X11.
I added espanso-wayland to my systemPackages and imported this expanso.nix file:

{ config, lib, pkgs, ... }:

{
  systemd.services.espanso = {
    description = "ESPANSO";
    after = [ "syslog.target" "network.target" ];
    wantedBy = [ "default.target" ];

    serviceConfig = {
      ExecStart = "${pkgs.espanso-wayland}/bin/espanso daemon";
      Type = "simple";
      Restart = "always";
      RestartSec = 3;
      User = "manu";
      Group = "users";
      CapabilityBoundingSet = "CAP_DAC_OVERRIDE";
      AmbientCapabilities = "CAP_DAC_OVERRIDE";
    };
  };

  systemd.services.espanso.enable = true;
}

But it still doesn’t work 🙁

systemctl status espanso returns this:

espanso.service - ESPANSO
     Loaded: loaded (/etc/systemd/system/espanso.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sat 2023-11-11 01:05:59 CET; 37min ago
   Duration: 48ms
    Process: 227636 ExecStart=/nix/store/p9k8cn912336wfqrmv37f71bv4fiy97b-espanso-2.1.8/bin/espanso daemon (code=exited, status=101)
   Main PID: 227636 (code=exited, status=101)
         IP: 0B in, 0B out
        CPU: 47ms

What I get with espanso log or espanso daemon:

01:45:17 [daemon(251647)] [INFO] reading configs from: "/home/manu/.config/espanso"
01:45:17 [daemon(251647)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
01:45:17 [daemon(251647)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
01:45:17 [daemon(251647)] [INFO] system info: NixOS v23.05 - kernel: 6.1.61
01:45:17 [daemon(251647)] [WARN] keyboard layout watcher couldn't determine active layout.
01:45:17 [daemon(251647)] [INFO] watching for changes in path: "/home/manu/.config/espanso"
01:45:17 [daemon(251647)] [INFO] espanso version: 2.1.8
01:45:17 [daemon(251647)] [INFO] spawning the worker process...
01:45:17 [daemon(251647)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansodaemonv2.sock
01:45:17 [worker(251653)] [INFO] reading configs from: "/home/manu/.config/espanso"
01:45:17 [worker(251653)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
01:45:17 [worker(251653)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
01:45:17 [worker(251653)] [INFO] system info: NixOS v23.05 - kernel: 6.1.61
01:45:17 [worker(251653)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansoworkerv2.sock
01:45:17 [worker(251653)] [INFO] monitoring the status of the daemon process
01:45:17 [worker(251653)] [INFO] using WaylandAppInfoProvider
01:45:17 [worker(251653)] [WARN] EVDEV backend is being used, but without enabling linux capabilities.
01:45:17 [worker(251653)] [WARN]   Although you CAN run espanso EVDEV backend as root, it's not recommended due
01:45:17 [worker(251653)] [WARN]   to security reasons. Espanso supports linux capabilities to limit the attack surface
01:45:17 [worker(251653)] [WARN]   area by only leveraging on the CAP_DAC_OVERRIDE capability (needed to work with
01:45:17 [worker(251653)] [WARN]   /dev/input/* devices to detect and inject text) and disabling it as soon as the
01:45:17 [worker(251653)] [WARN]   initial setup is completed.
01:45:17 [worker(251653)] [INFO] detection module will use this keyboard layout: [R=, M=, L=fr, V=, O=]
01:45:17 [worker(251653)] [INFO] using EVDEVSource
01:45:17 [worker(251653)] [ERROR] Unable to open EVDEV devices, this usually has to do with permissions.
01:45:17 [worker(251653)] [ERROR] You can either add the current user to the 'input' group or run espanso as root
01:45:17 [worker(251653)] [ERROR] thread 'engine thread' panicked at 'failed to initialize detector module: detection source initialization failed': espanso/src/cli/worker/engine/mod.rs:139
01:45:17 [worker(251653)] [ERROR] Unable to block the LinuxEventLoop: receiving on an empty and disconnected channel
01:45:17 [worker(251653)] [ERROR] thread 'main' panicked at 'unable to run main eventloop: receiving on an empty and disconnected channel': espanso/src/cli/worker/mod.rs:160
01:45:17 [daemon(251647)] [ERROR] received unexpected exit code from worker 101, exiting

The problem seems to come from CAP_DAC_OVERRIDE. This is why I added CapabilityBoundingSet and AmbientCapabilities to the systemd service.
But I’m not sure I should add these capabilities to the daemon worker. Maybe I should add this to the espanso executable instead. Not sure. I tried sudo setcap "cap_dac_override+p" $(which espanso) but it doesn’t work.

I don’t know exactly what I’m doing. Just hacking.
Why doesn’t EVDEV want to be used?
If someone has an idea about my journey, I’ll take it!


As suggested by @gaelreyrol on Matrix, I added my user to the input group with:
users.users.manu.extraGroups = [ "input" ];

I use id -nG manu to check that my user is in the group.

Still not working. I can’t trigger expansion. espanso status says espanso is running.
My Nix question is: how do I set the CAP_DAC_OVERRIDE capability? Is my systemd.service not good?

Here is the espanso log output:

14:40:17 [daemon(22337)] [INFO] reading configs from: "/home/manu/.config/espanso"
14:40:17 [daemon(22337)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
14:40:17 [daemon(22337)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
14:40:17 [daemon(22337)] [INFO] system info: NixOS v23.05 - kernel: 6.1.63
14:40:17 [daemon(22337)] [INFO] watching for changes in path: "/home/manu/.config/espanso"
14:40:17 [daemon(22337)] [WARN] keyboard layout watcher couldn't determine active layout.
14:40:17 [daemon(22337)] [INFO] espanso version: 2.1.8
14:40:17 [daemon(22337)] [INFO] spawning the worker process...
14:40:17 [daemon(22337)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansodaemonv2.sock
14:40:17 [worker(22343)] [INFO] reading configs from: "/home/manu/.config/espanso"
14:40:17 [worker(22343)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
14:40:17 [worker(22343)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
14:40:17 [worker(22343)] [INFO] system info: NixOS v23.05 - kernel: 6.1.63
14:40:17 [worker(22343)] [INFO] binded to IPC unix socket: /home/manu/.cache/espanso/espansoworkerv2.sock
14:40:17 [worker(22343)] [INFO] monitoring the status of the daemon process
14:40:17 [worker(22343)] [INFO] using WaylandAppInfoProvider
14:40:17 [worker(22343)] [WARN] EVDEV backend is being used, but without enabling linux capabilities.
14:40:17 [worker(22343)] [WARN]   Although you CAN run espanso EVDEV backend as root, it's not recommended due
14:40:17 [worker(22343)] [WARN]   to security reasons. Espanso supports linux capabilities to limit the attack surface
14:40:17 [worker(22343)] [WARN]   area by only leveraging on the CAP_DAC_OVERRIDE capability (needed to work with
14:40:17 [worker(22343)] [WARN]   /dev/input/* devices to detect and inject text) and disabling it as soon as the
14:40:17 [worker(22343)] [WARN]   initial setup is completed.
14:40:17 [worker(22343)] [INFO] detection module will use this keyboard layout: [R=, M=, L=fr, V=, O=]
14:40:17 [worker(22343)] [INFO] using EVDEVSource
14:40:17 [worker(22343)] [INFO] Querying modifier status...
23:03:14 [service(362360)] [INFO] reading configs from: "/home/manu/.config/espanso"
23:03:14 [service(362360)] [INFO] reading packages from: "/home/manu/.config/espanso/match/packages"
23:03:14 [service(362360)] [INFO] using runtime dir: "/home/manu/.cache/espanso"
23:03:14 [service(362360)] [INFO] system info: NixOS v23.05 - kernel: 6.1.63
23:03:14 [service(362360)] [INFO] espanso is running
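
Added example, not part of the original posts: a way to check whether a running process actually holds CAP_DAC_OVERRIDE, by decoding the capability masks in /proc/<pid>/status. The two status excerpts are constructed samples, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Decode the Cap* masks of /proc/<pid>/status and list the capability sets
# that contain a given capability bit. CapEff is the set the kernel consults
# when the process opens /dev/input/* devices.

CAP_DAC_OVERRIDE=1   # bit index of CAP_DAC_OVERRIDE in <linux/capability.h>

# has_cap HEXMASK BIT -> succeeds if BIT is set in HEXMASK
has_cap() ( [ $(( (0x$1 >> $2) & 1 )) -eq 1 ] )

# cap_sets_with BIT < status-file -> prints the names of the sets holding BIT
cap_sets_with() (
  out=""
  while read -r name mask; do
    case $name in
      CapInh:|CapPrm:|CapEff:|CapBnd:|CapAmb:)
        if has_cap "$mask" "$1"; then out="$out ${name%:}"; fi ;;
    esac
  done
  echo "${out# }"
)

# Constructed sample: process started by an ordinary user, no capabilities.
sample_unprivileged() {
  cat <<'EOF'
Name:   espanso
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
EOF
}

# Constructed sample: only CAP_DAC_OVERRIDE (mask 0x2) present in every set.
sample_ambient() {
  cat <<'EOF'
Name:   espanso
CapInh: 0000000000000002
CapPrm: 0000000000000002
CapEff: 0000000000000002
CapBnd: 0000000000000002
CapAmb: 0000000000000002
EOF
}

echo "unprivileged: $(sample_unprivileged | cap_sets_with "$CAP_DAC_OVERRIDE")"
echo "ambient:      $(sample_ambient | cap_sets_with "$CAP_DAC_OVERRIDE")"
# Live system: cap_sets_with "$CAP_DAC_OVERRIDE" < /proc/<worker-pid>/status
```

The worker PID to use on a live system is the number printed in the log prefix, for example worker(22343).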