Install and Configure TaskWarrior and TaskServer on CentOS 7

TaskWarrior is a free and open-source productivity tool that enhances the functionality of the original Todo.txt application and its derivatives. Given that people often operate across multiple devices and platforms throughout their daily routines, it’s essential to have a unified database that can be updated and accessed from any location. This guide walks you through the process of setting up both the TaskServer (taskd) and the TaskWarrior client (task), enabling data synchronization across several devices with secure data transmission.

Core Features

• No cap on the number of tasks
• Ability to assign task priorities
• Filtering options for search
• Use of tags for categorization
• Syncing happens automatically
• Backups are generated automatically
• Users maintain full control and data ownership
• Data is transmitted over encrypted channels

System Requirements

• A CentOS 7 x64 server instance
• Access to a user account with sudo privileges
• A domain (e.g., taskd.example.com) that is directed to your server

Step 1: Perform System Update

Begin by logging into the server using your sudo-enabled user account. You’ll then install the EPEL repository and run a full system update using the following commands:

sudo yum install epel-release -y
sudo yum clean all && sudo yum update -y

Step 2: Set Up RPM Build Tools and Development Utilities

Since the EPEL repository does not provide a precompiled RPM for TaskServer (taskd), we need to manually compile the source code and create an RPM package.

Install Development Packages and Build Tools

To proceed, install GCC, Make, RPM development utilities, and tools for signing packages with the following command:

sudo yum install gcc gcc-c++ make rpmdevtools rpm-sign rpm-build -y

Create GnuPG Configuration Directory

Next, make a directory to hold GPG configuration files needed for signing your custom RPM:

mkdir .gnupg

Install Entropy Generator

To properly generate a cryptographic key, the system must have sufficient entropy. The rngd daemon helps with this by sourcing randomness from /dev/urandom. Install it as follows:

yum install rngd -y

Start the rngd daemon and configure it to use /dev/urandom as the randomness source:

sudo rngd -r /dev/urandom

Create a GPG Key Pair

Now you’ll create a new GPG key pair for RPM signing using the following command:

gpg --gen-key

When prompted during the GPG setup:

• Choose option 1 for “RSA and RSA (default)” and press Enter.
• Accept the default key size 2048 by pressing Enter.
• For key expiration, simply press Enter to use the default setting.
• Confirm the setup by entering y and pressing Enter.
• Input your desired name for the Real name field.
• Enter your preferred email address for the Email address field.
• You may leave the Comment field blank if desired.
• Review your details. If they’re correct, enter an uppercase O and press Enter.

GPG will now prompt you to set and confirm a password for your new key pair. Once this is done, the key pair will be saved within the .gnupg directory in your home folder.

Step 3: Export and Configure GPG Keys for RPM

Check GPG Directory Contents

Use the following command to view the files inside the .gnupg folder. You should see a directory named private-keys-v1.d and files like pubring.gpg, pubring.gpg~, random_seed, secring.gpg, S.gpg-agent, and trustdb.gpg:

ls -la .gnupg

Export the GPG Key Pair

Now export the generated GPG key. The --export flag tells GnuPG to export, while -a enables ASCII armor format. Be sure to substitute Joe Q. Public with the name used during key creation and jqpublic with your custom identifier:

gpg --export -a 'Joe Q. Public' > RPM-GPG-KEY-jqpublic

Import the GPG Key into the RPM System

Load the exported key into RPM’s keyring. Adjust jqpublic accordingly:

sudo rpm --import RPM-GPG-KEY-jqpublic

Verify the Imported GPG Key

Confirm that the key has been successfully added to RPM’s key management system using the following command. This will present the key in a user-friendly format:

rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

Create and Edit the .rpmmacros File

Customize RPM’s behavior by making a new file called .rpmmacros using nano as the text editor:

nano .rpmmacros

Add the following content to define your GPG identity and RPM build parameters. Update Joe Q. Public with the name used during GPG key generation:

%_gpg_name  Joe Q. Public
%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}
%_signature gpg
%_topdir %(echo $HOME)/rpmbuild

To save and exit the file: press CTRL + X, then S, followed by Enter.

Initialize RPM Build Environment

Set up your build tree and necessary directories by running the following command. It will also add helpful macros to the .rpmmacros file you created:

rpmdev-setuptree

Check the RPM Build Directory

Verify that the setup completed by listing the contents of the rpmbuild directory. You should find subdirectories named SOURCES, RPMS, BUILD, SRPMS, and SPECS:

find rpmbuild

Download TaskServer Source Code

Get the TaskServer source archive and place it into the rpmbuild/SOURCES directory:

wget https://taskwarrior.org/download/taskd-1.1.0.tar.gz -P rpmbuild/SOURCES/

Terminate rngd Process

Now that entropy generation is no longer needed, stop the rngd daemon using the following command:

sudo kill -9 rngd

Step 4: Compile TaskServer (taskd) into an RPM

To create a new RPM package for TaskServer, you need to write a SPEC file that defines how the package is built and installed.

Create the SPEC File

Open a new file named taskd.spec in the rpmbuild/SPECS directory using the following command:

nano rpmbuild/SPECS/taskd.spec

Paste the full content below into that file:

Name:           taskd
Version:        1.1.0
Release:        1%{?dist}
Summary:        Secure server providing multi-user, multi-client access to task data
Group:          Applications/Productivity
License:        MIT
URL:            http://tasktools.org/projects/taskd.html
Source0:        http://taskwarrior.org/download/%{name}-%{version}.tar.gz
Source1:        taskd.service
Source2:        taskd-config
Source3:        taskd.xml

BuildRequires:  cmake
BuildRequires:  libuuid-devel
BuildRequires:  gnutls-devel
BuildRequires:  shadow-utils

%if 0%{?rhel} && 0%{?rhel} <= 6
# On rhel, we don't need systemd to build.  but we do on centos.
# ...just to define some macros
%else
BuildRequires:  systemd
%endif

# For certificate generation
Requires:       gnutls-utils

# Systemd requires
Requires(post):    systemd
Requires(preun):   systemd
Requires(postun):  systemd

%description
The TaskServer is a lightweight, secure server providing multi-user,
multi-client access to task data. This allows true syncing between desktop and
mobile clients.

Users want task list access from multiple devices running software of differing
sophistication levels to synchronize data seamlessly. Synchronization requires
the ability to exchange transactions between devices that may not have
continuous connectivity, and may not have feature parity.

The TaskServer provides this and builds a framework to go several steps beyond
merely synchronizing data.

%prep
%setup -q %{name}-%{version}

%build
%cmake
make %{?_smp_mflags}

%install
make install DESTDIR=%{buildroot}

mkdir -p %{buildroot}%{_sharedstatedir}/taskd/

# Users will keep their keys here, but we copy some helpful scripts too.
mkdir -p %{buildroot}%{_sysconfdir}/pki/taskd/
cp -a pki/generate* %{buildroot}%{_sysconfdir}/pki/taskd/.

mkdir -p %{buildroot}%{_localstatedir}/log/taskd/

%if 0%{?rhel} && 0%{?rhel} <= 6
# EL6 and earlier needs a sysvinit script
# Also, no firewalld on old EL
%else
mkdir -p %{buildroot}%{_unitdir}/
cp -a %{SOURCE1} %{buildroot}%{_unitdir}/taskd.service

mkdir -p %{buildroot}%{_prefix}/lib/firewalld/services
cp -a %{SOURCE3} %{buildroot}%{_prefix}/lib/firewalld/services/taskd.xml
%endif

mkdir -p %{buildroot}%{_sharedstatedir}/taskd/orgs/
cp -a %{SOURCE2} %{buildroot}%{_sharedstatedir}/taskd/config

rm -r %{buildroot}%{_datadir}/doc/taskd/

%pre
getent group taskd >/dev/null || groupadd -r taskd
getent passwd taskd >/dev/null || \
    useradd -r -g taskd -d %{_sharedstatedir}/taskd/ -s /usr/bin/sh \
    -c "Task Server system user" taskd
exit 0

# Systemd scriptlets
%if 0%{?rhel} && 0%{?rhel} <= 6
# No systemd for el6
%else

%post
%systemd_post taskd.service

%preun
%systemd_preun taskd.service

%postun
%systemd_postun_with_restart taskd.service

%endif

%files
%doc AUTHORS COPYING ChangeLog NEWS README
%{_bindir}/taskd
%{_bindir}/taskdctl
%{_mandir}/man1/taskd.1.*
%{_mandir}/man1/taskdctl.1.*
%{_mandir}/man5/taskdrc.5.*

%{_sysconfdir}/pki/taskd/generate*

%dir %attr(0750, taskd, taskd) %{_sysconfdir}/pki/taskd/
%dir %attr(0750, taskd, taskd) %{_localstatedir}/log/taskd/

%dir %attr(0750, taskd, taskd) %{_sharedstatedir}/taskd/
%config(noreplace) %attr(0644, taskd, taskd) %{_sharedstatedir}/taskd/config
%dir %attr(0750, taskd, taskd) %{_sharedstatedir}/taskd/orgs/

%if 0%{?rhel} && 0%{?rhel} <= 6
# No sysvinit files for el6
%else
%{_unitdir}/taskd.service
%{_prefix}/lib/firewalld/services/taskd.xml
%endif

%changelog
* Thu Aug 17 2017 Jarrett Graham <jarrett+rpmbuild@jarrettgraham.com> - 1.1.0
- Initial packaging.
</jarrett+rpmbuild@jarrettgraham.com>

Step 5: Create Additional Files Required for RPM Packaging

The TaskServer RPM build process also depends on three specific files that must be placed in the rpmbuild/SOURCES directory. These include configuration, service definition, and firewall rule files.

Create the taskd-config File

Use the nano editor to generate the configuration file for TaskServer:

nano rpmbuild/SOURCES/taskd-config

Paste the configuration content below into the file:

# taskd configuration file
confirmation=1
verbose=1
ip.log=on
extensions=/usr/libexec/taskd
queue.size=10
request.limit=1048576
server=0.0.0.0:53589
root=/var/lib/taskd
log=/var/log/taskd/taskd.log
pid.file=/var/run/taskd.pid
ca.cert=/etc/pki/taskd/ca.cert.pem
server.cert=/etc/pki/taskd/server.cert.pem
server.key=/etc/pki/taskd/server.key.pem
server.crl=/etc/pki/taskd/server.crl.pem

Create the taskd.service File

Now create the systemd service definition file using nano:

nano rpmbuild/SOURCES/taskd.service

Enter the following service unit configuration into the file:

[Unit]
Description=Secure server providing multi-user, multi-client access to task data
After=network.target
Documentation=https://tasktools.org/projects/taskd.html

[Service]
ExecStart=/usr/bin/taskd server --data /var/lib/taskd
Type=simple
User=taskd
Group=taskd

[Install]
WantedBy=multi-user.target

Create the taskd.xml File

Finally, use nano once more to generate the firewall service definition file:

nano rpmbuild/SOURCES/taskd.xml

Insert the following XML content, which defines the TaskServer’s TCP port for firewalld:

  Task-warrior server
  This option allows you to connect to the task warrior server.
  

Step 6: Compile and Install the TaskServer RPM

Before building the RPM for TaskServer (taskd), you must install the necessary dependencies that are essential for the compilation process. These include CMake, UUID libraries, and GnuTLS libraries.

Install Required Build Dependencies

Use the following command to install the required development libraries and utilities:

sudo yum install cmake libuuid-devel gnutls-devel gnutls-utils -y

Build the TaskServer RPM Package

Now that everything is ready, it’s time to generate the RPM package from source. Navigate to the directory containing the SPEC file and run the build command. On a instance with a single CPU, this step typically completes in under a minute. When prompted, enter the GPG password that you configured earlier to sign the package:

cd rpmbuild/SPECS/
rpm -ba -sign taskd.spec

Install the Compiled RPM

After the build is complete, return to your home directory and install the newly created RPM file using the command below:

cd
sudo rpm -ivh rpmbuild/RPMS/x86_64/taskd-1.1.0-1.el7.centos.x86_64.rpm

Step 7: Set Up TaskServer for Client Communication

For TaskServer (taskd) to interact and synchronize with TaskWarrior (task) clients, you need to create the necessary server and client certificates. These are generated using scripts located in /etc/pki/taskd/.

Switch to Root and Navigate to Certificate Directory

Switch to the root user and move into the certificate directory with the following commands:

sudo su -
cd /etc/pki/taskd/

Create the vars File for Root CA Configuration

Use nano to create a file named vars which is used to define the certificate authority details:

nano vars

Paste the following into the file. Update the organization, domain, and location fields as needed:

BITS=4096
EXPIRATION_DAYS=365
ORGANIZATION="centron.de"
CN=taskd.example.com
COUNTRY=US
STATE="New York"
LOCALITY="New York"

Generate the Certificates and Keys

With the vars file in place, execute the commands below to generate the self-signed root CA, server certificate, key, and optional revocation list:

./generate.ca
./generate.server
./generate.crl

These scripts will generate ca.cert.pem, ca.key.pem, server.cert.pem, server.key.pem, and server.crl.pem within the /etc/pki/taskd/ directory.

Set File Ownership and Permissions

In order for TaskServer to launch correctly, adjust the file ownership and restrict permissions using the following commands:

chown taskd.taskd ca.cert.pem ca.key.pem server.cert.pem server.crl.pem server.key.pem
chmod 400 ca.cert.pem ca.key.pem server.cert.pem server.crl.pem server.key.pem

Activate and Launch TaskServer

Enable the TaskServer service and start the daemon to begin accepting connections:

systemctl enable taskd
systemctl start taskd

Open Firewall Port

Allow traffic on the TaskServer default port (53589/tcp) through the firewall:

firewall-cmd --permanent --zone=public --add-port=53589/tcp
firewall-cmd --reload

Congratulations! TaskServer (taskd) is now fully installed, configured, and running on your CentOS 7 system.

Step 8: Generate and Configure TaskWarrior Client Certificates

To establish secure communication between the TaskServer (taskd) and the TaskWarrior (task) client, you’ll need to generate a client-side certificate and private key. This ensures encrypted data exchange.

Create a New Client Certificate

Run the following command while replacing NAME with an identifier of your choice for this client device:

generate.client NAME

This will generate NAME.cert.pem and NAME.key.pem inside the /etc/pki/taskd/ directory.

Copy Certificate Files to Your Home Directory

Transfer the generated certificate and key files, along with the root CA certificate, to your user’s home directory. Replace joeqpublic with your actual username:

cp ca.cert.pem NAME.cert.pem NAME.key.pem /home/joeqpublic/
chown joeqpublic.joeqpublic /home/joeqpublic/*.pem
chmod 400 /home/joeqpublic/*.pem

Archive the Certificate Files

Bundle the certificate files into a single ZIP archive to simplify the transfer to your TaskWarrior client system:

zip certficates.zip ca.cert.pem NAME.cert.pem NAME.key.pem

You can use scp on the command line or a graphical interface like WinSCP to download the certficates.zip file from your server to your local computer, laptop, or mobile device.

Exit Root Mode

After completing the certificate tasks, exit the root shell and continue as your normal user account:

exit

With this, your TaskServer (taskd) setup is now ready to accept connections from TaskWarrior (task) clients.

Step 9: Install TaskWarrior on Windows 10

If you’re using Windows 10 (version 1607 or later), you’ll need to install the Windows Subsystem for Linux (WSL) in order to run TaskWarrior.

Install the Windows Subsystem for Linux (WSL)

Start by opening PowerShell with administrative rights. Press the Windows key, type powershell, then right-click on Windows PowerShell and choose Run as administrator. When prompted by User Account Control, click Yes.

Paste the following command into PowerShell to enable WSL. Once the installation is done, press Y to restart your system:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

Install Ubuntu on WSL

After the reboot, launch a Command Prompt and enter the command below to begin installing Ubuntu. When prompted, confirm by pressing Y. Ubuntu will be downloaded and extracted. You will then be asked to choose a username and password:

bash

Install TaskWarrior

Within the Bash console, install TaskWarrior by entering the following:

sudo apt-get install task -y

Type exit twice to close both the Bash session and the Command Prompt.

Access Bash Quickly via Taskbar

Click the Start Menu, type ubuntu, right-click on Bash on Ubuntu on Windows, and select Pin to taskbar for easy access.

Initialize TaskWarrior Configuration

Click on the newly pinned Ubuntu icon on your taskbar to launch the Bash terminal. Then initialize TaskWarrior’s configuration and data directory by running:

task version
yes

Transfer and Unpack Certificates

Move the certficates.zip archive that was created during server setup to the ~/.task/ directory. Before extracting the archive, make sure the unzip tool is installed. Replace WINDOWSUSER with your actual Windows username:

sudo apt-get install unzip -y
cp /mnt/c/User/WINDOWSUSER/Desktop/certificates.zip .
cd .task
unzip ../certificates.zip
cd

Configure TaskWarrior Client for Sync

Set up the connection details for your TaskWarrior client. Replace the following placeholders as applicable:

– NAME: the name you assigned to your client certificate.
– GROUP: the user group you created.
– Joe Q. Public: your TaskServer username.
– XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX: your unique user key.

task config taskd.ca -- ~/.task/ca.cert.pem
task config taskd.certificate -- ~/.task/NAME.cert.pem
task config taskd.key -- ~/.task/NAME.key.pem
task config taskd.server -- taskd.example.com:53589
task config taskd.credentials -- GROUP/Joe Q. Public/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

Initialize the TaskWarrior Sync Database

Finally, initialize the synchronization database using the command below:

task sync init

TaskWarrior is now successfully connected and syncing with your TaskServer instance on Windows 10.

Step 10: Set Up TaskWarrior on Android

To run TaskWarrior on Android, you will need to install the dedicated TaskWarrior For Android application from the Google Play Store.

Install the App from Google Play

Begin by downloading and installing TaskWarrior For Android directly from the Play Store.

Initial App Setup

Launch the app. When prompted to create an account, enter the same username you registered on your TaskServer instance. Leave the Data Folder option as <<Create new>>, then tap OK.

Create a Certificate Folder

Using a file manager application on your device, create a directory at the root of your internal storage. For example:

/storage/emulated/0/Certs

Minimize the TaskWarrior app for now and extract the contents of your previously created certificates.zip file into this directory.

Configure Sync Settings in the App

Bring the app back into focus. Tap the menu icon located in the top-left corner, scroll down, and tap on Settings.

You will be presented with a basic configuration editor. Enter the following options to connect with your TaskServer instance:

• taskd.ca – Path to your root CA certificate
• taskd.certificate – Path to your client certificate
• taskd.key – Path to your client private key
• taskd.credentials – Combination of group, username, and TaskServer ID
• taskd.server – Address and port of your TaskServer

Replace the placeholder values accordingly: NAME with your cert/key filename, GROUP with the group name, Joe Q. Public with your TaskServer username, and XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX with your server-issued key:

taskd.ca=/storage/emulate/0/Certs/ca.cert.pem
taskd.certificate=/storage/emulate/0/Certs/NAME.cert.pem
taskd.credentials=GROUP/Joe Q. Public/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
taskd.key=/storage/emulate/0/Certs/NAME.key.pem
taskd.server=taskd.example.com:53589

Save Your Configuration

Once all fields are filled in, tap the floppy disk icon to save your settings.

Your Android device is now fully configured to sync TaskWarrior with your TaskServer instance.

Step 11: Set Up TaskWarrior on Linux

To install TaskWarrior (task) on your Linux system, refer to the official distribution packages for your specific Linux distribution and follow their instructions.

Initialize TaskWarrior Configuration

Open your terminal and run the following command to automatically generate the ~/.task/ data directory and the .taskrc configuration file:

task version
yes

Transfer and Extract Certificates

Move the certificates.zip file created earlier during your TaskServer setup into your user directory. Use your distribution’s package manager to install unzip if not already available. Then extract the archive inside the ~/.task/ directory. Replace the file path accordingly:

cp /location/of/certificates.zip .
cd .task
unzip ../certificates.zip
cd

Configure Sync Connection to TaskServer

Update your TaskWarrior configuration to point to the correct certificate files and TaskServer instance. Substitute the placeholder values:

– NAME: the name used for your client certificate
– GROUP: the user group you created
– Joe Q. Public: your TaskServer username
– XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX: your TaskServer-issued user key

task config taskd.ca -- ~/.task/ca.cert.pem
task config taskd.certificate -- ~/.task/NAME.cert.pem
task config taskd.key -- ~/.task/NAME.key.pem
task config taskd.server -- taskd.example.com:53589
task config taskd.credentials -- GROUP/Joe Q. Public/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

Initialize Task Sync

To complete setup, initialize your local database to begin syncing with TaskServer:

task sync init

Optional: Gnome Shell Integration

If you’re running Gnome Shell, consider installing the TaskWhisper extension, which integrates TaskWarrior directly into your desktop environment.

TaskWarrior is now fully configured to sync with your TaskServer instance on your preferred Linux distribution.

Conclusion

With this guide, you’ve successfully set up a secure, synchronized task management system using TaskWarrior and TaskServer. From building and configuring the server on CentOS 7 to deploying TaskWarrior clients across Windows, Android, and Linux, each step ensures encrypted, multi-device task synchronization.

This setup empowers you to manage unlimited tasks across platforms with full control, privacy, and reliability. Whether you prefer command-line workflows or mobile convenience, TaskWarrior offers flexibility without compromising data integrity or security.

Now you’re ready to streamline your productivity with a robust, open-source solution designed for modern multi-platform environments.