(instructions currently not working)

Switch to root to make things easier.

> yay -S

> export TASKDDATA=/var/lib/taskd

Edit `/usr/share/doc/taskd/pki/vars` so that ``CN'' = the hostname (IP is fine).

> cd /usr/share/doc/taskd/pki

Execute the `generate` file to generate a selfsigned certificate for the server.  These will be \*.pem-files.  Copy all \*.pem-files to /var/lib/taskd.

Make sure a copy of ca.cert.pem remains to generate user-certificates later.

# Taskd Configurations

> taskd config --force client.cert $TASKDDATA/client.cert.pem

> taskd config --force client.key $TASKDDATA/client.key.pem

> taskd config --force server.cert $TASKDDATA/server.cert.pem

> taskd config --force server.key $TASKDDATA/server.key.pem

> taskd config --force server.crl $TASKDDATA/server.crl.pem

> taskd config --force ca.cert $TASKDDATA/ca.cert.pem

# Change Taskd Log Location
The default is /tmp/log, which obviously you don't want.

> touch /var/log/taskd.log

> chown taskd:taskd /var/log/taskd.log

> taskd config --force log /var/log/taskd.log

Finally, set up the servername - the same one as in the certificates.  Mine is ``testarch''.

> taskd config --force server testarch:9001

# Adding users
Let's add the group ``home'', then the user ``ghost'', will go in that group.

> taskd add org home

> taskd add user home ghost

`3f9e6154-25cb-4e45-88bb-45e98feef904`

> taskd add user home alfred

`4fbb319c-c493-437a-ab7a-028f5b75e522`

The user then gets a key.

Finally, make sure that taskd can read its own data>

> chown -R taskd:taskd /var/lib/taskd/orgs

... or perhaps the entire directory of /var/lib/taskd/.

Then it's back to /usr/share/doc/taskd/pki 

Generate some userfiles:

> ./generate.client ghost

> ./generate.client alfred

The bob and ghost \*pem files have to be added to the given users' home directories.

# Setting up Users

> sudo apt-get install taskwarrior taskd

> task

Then move the \*pem files into the .task directory of the user.

Don't forget to add the ca.key.pem from `/usr/share/doc/taskd/pki`!

# Attempt 2

Well, none of that worked.

New info from [taskwarrior](https://gitpitch.com/GothenburgBitFactory/taskserver-setup#/1/4)

Default port = 53589

starting with

> taskd init

> taskd config server localhost:53589

View supported settings with `taskdrc`.

!!! Start with taskdctl start

Do a non-daemon version with 

> taskd server --data $TASKDDATA --daemon

# Systemd Unit file

This needs to be edited for "$TASKDDATA", "$TASKDUSER", and "$TASKDGROUP".


```

Unit]
Description=Secure server providing multi-user, multi-client access to Taskwarrior data
Requires=network.target
After=network.target
Documentation=http://taskwarrior.org/docs/#taskd
 
[Service]
ExecStart=/usr/local/bin/taskd server --data $TASKDDATA
Type=simple
User=$TASKDUSER
Group=$TASKDGROUP
WorkingDirectory=$TASKDDATA
PrivateTmp=true
InaccessibleDirectories=/home /root /boot /opt /mnt /media
ReadOnlyDirectories=/etc /usr
 
[Install]
WantedBy=multi-user.target

```

Enable all this by copying the file to `/etc/systemd/system`, reload daemon, then start it.

Key for ghost:
29bd8a06-2cc0-4163-905d-6216257a3031

e29bffe0-72d8-45f2-b1f9-f29397cfab16

# Different:

$ task config taskd.certificate -- ~/.task/first_last.cert.pem
$ task config taskd.key         -- ~/.task/first_last.key.pem
$ task config taskd.ca          -- ~/.task/ca.cert.pem

# Trust

For troubleshooting we can set:

> taskd.trust=ignore [hostname]

> taskd.trust=allow all

> taskd.trust=strict

# User Defines Attributes - UDA

Each UDA has two to four attributes: type (numeric or string) and label are necessary:

> task config uda.THING.type {numeric,string}

> task config uda.THING.label Thg

Constrain these attributes to a comma-delineated set with:

> task config uda.THING.values brown,orange,green

You can also show how important the Attribute makes something:

> urgency.uda.THING.coefficient=2.8

# Aliases

Alias `delete' to `rm' with:

task config alias.rm delete