nixos/espanso: provide required capabilities for espanso-wayland

  };

  config = lib.mkIf cfg.enable {

    security.wrappers.espanso = lib.mkIf (cfg.package.waylandSupport or false) {

      capabilities = "cap_dac_override+p";

      owner = "root";

      group = "root";

      source = lib.getExe (

        pkgs.espanso-wayland.override { securityWrapperPath = config.security.wrapperDir; }

      );

    };

    systemd.user.services.espanso = {

      description = "Espanso daemon";

      serviceConfig = {

        ExecStart = "${lib.getExe cfg.package} daemon";

        ExecStart = "${

          if (cfg.package.waylandSupport or false) then

            "${config.security.wrapperDir}/espanso"

          else

            lib.getExe cfg.package

        } daemon";

        Restart = "on-failure";

      };

      wantedBy = [ "default.target" ];

  wl-clipboard,

  wxGTK32,

  makeWrapper,

  securityWrapperPath ? null,

  nix-update-script,

  stdenv,

  waylandSupport ? false,

    xdotool

  ];

  postPatch = lib.optionalString stdenv.hostPlatform.isDarwin ''

  postPatch =

    lib.optionalString stdenv.hostPlatform.isDarwin ''

      substituteInPlace scripts/create_bundle.sh \

        --replace-fail target/mac/ $out/Applications/ \

        --replace-fail /bin/echo ${coreutils}/bin/echo

      substituteInPlace espanso/src/path/macos.rs  espanso/src/path/linux.rs \

        --replace-fail '"/usr/local/bin/espanso"' '"${placeholder "out"}/bin/espanso"'

    ''

    + lib.optionalString (securityWrapperPath != null) ''

      substituteInPlace espanso/src/cli/daemon/mod.rs \

        --replace-fail \

          'std::env::current_exe().expect("unable to obtain espanso executable location");' \

          'std::ffi::OsString::from("${securityWrapperPath}/espanso");'

    '';

  # Some tests require networking