Taskd
taskd is a lightweight, secure server providing multi-user, multi-client access to task data. This allows true syncing between desktop and mobile clients.
Contents
Server
Installation
taskd is available in the AUR as taskdAUR and taskd-gitAUR.
Setup
Once taskd is installed, you need to set it up. The first step is toexport TASKDDATA=/var/lib/taskd(otherwise you need to append
--data /var/lib/taskd
to every taskd command).
Next, edit the /usr/share/doc/taskd/pki/vars
file. The CN=
line must either match the server's hostname or IP address, depending on how you connect. Once the file is edited to your heart's content, run /usr/share/doc/taskd/pki/generate
. This will create selfsigned certificates for your server. Copy all generated *.pem-files to /var/lib/taskd
. Note that at least the ca.cert.pem must remain in the pki folder for the user-certificate generation later on.
Now you need to configure the taskd config. This can be done by either using taskd config
or editing /var/lib/taskd/config
directly.
taskd config --force client.cert $TASKDDATA/client.cert.pem taskd config --force client.key $TASKDDATA/client.key.pem taskd config --force server.cert $TASKDDATA/server.cert.pem taskd config --force server.key $TASKDDATA/server.key.pem taskd config --force server.crl $TASKDDATA/server.crl.pem taskd config --force ca.cert $TASKDDATA/ca.cert.pem
Additionally you should change where taskd logs to, since the default is /tmp/log. This can be done by running
touch /var/log/taskd.log chown taskd:taskd /var/log/taskd.log taskd config --force log /var/log/taskd.log
The last step is to set taskd's server name, which must be the same as the one used in the certificates: taskd config --force server servername:port
. Note that taskd has no default port and it must be set manually.
Adding a user in taskd
taskd knows about groups and users, and each user must be in a group. The group- and usernames can be whatever you want.
taskd add org group taskd add user group username
Note the key the last command returns, the user will need it to synchronize.
Make sure new group and user are readable by user taskd.
chown -R taskd:taskd /var/lib/taskd/orgsReturn to
/usr/share/doc/taskd/pki/
and run ./generate.client usernameThis will return username.cert.pem and username.key.pem. The username.key.pem, username.cert.pem and ca.cert.pem must be added to the user's
~/.task
directory.
Client
User configuration
Once the *.pem files are added to ~/.task
, they must be added to the task config, along with the servername and unique ID.
task config taskd.certificate ~/.task/username.cert.pem task config taskd.key ~/.task/username.key.pem task config taskd.ca ~/.task/ca.cert.pem task config taskd.server servername:port task config taskd.credentials group/username/key
After you're done, check the config file. task likes to escape slashes.
After running a task sync init
, the user is able to synchronize taskwarrior whereever pleased.
Using the Android Taskwarrior app
Before you even download the android app, you need to create a folder. On your external storage (or if you only have an internal one, then there) create the folder Android/data/kvj.taskw/files/key
where "key" is the same as the key given when creating the user in taskd. Then add the username.key.pem, username.cert.pem and ca.cert.pem files to that folder. Create a new file in that folder called .taskrc.android
. It should look like this:
taskd.server=servername:port taskd.credentials=group/username/key taskd.certificate=username.cert.pem taskd.key=username.key.pem taskd.ca=ca.cert.pem
Now download the app and start it. When adding a profile, choose the datafolder you just created. Taskwarrior should now sync and work as expected.
Troubleshooting
Unreachable Server
Should the server be unreachable but running, it bound itself to an IPv6 address. You can force IPv4 by adding family=IPv4
to /var/lib/taskd/config
. Restart taskd afterwards.
"Bad Key"
If the server responds with a "Bad Key" error even though you just generated them, check the permissions of the created folders (everything in /var/lib/taskd/
and subfolders). taskd doesn't set it's own uid / gid, so those folders must be manually chowned to taskd.