diff --git a/.gitignore b/.gitignore
index 5e73cfa4e..e3f702e83 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,9 +17,12 @@ tools/orca/example_profiles/small/orca-edited.toml
 /docs/
 # webui things we don't need
 *.d.ts
-
 server/web_ui/*/pkg/*.js
 
+# coverage-related things
+*.profraw
+tarpaulin-report.html
+
 # kanidm simple packaging
 deployment-config/
 kanidm_simple_pkg/
@@ -35,6 +38,7 @@ pykanidm/site/
 # oauth2 integration test things
 scripts/oauth_proxy/client.secret
 scripts/oauth_proxy/envfile
+
 # local config things
 .envrc
 
diff --git a/Makefile b/Makefile
index f44c275bb..bff9bbef9 100644
--- a/Makefile
+++ b/Makefile
@@ -314,26 +314,15 @@ cert/clean:
 	rm -f /tmp/kanidm/ca.txt*
 	rm -f /tmp/kanidm/ca.{cnf,srl,srl.old}
 
-.PHONY: rust/coverage
-coverage/test: ## Run coverage tests
-coverage/test:
-	LLVM_PROFILE_FILE="$(PWD)/target/profile/coverage-%p-%m.profraw" RUSTFLAGS="-C instrument-coverage" cargo test $(TESTS)
-
-.PHONY: coverage/grcov
-coverage/grcov: ## Run grcov
-coverage/grcov:
-	rm -rf ./target/coverage/html
-	grcov . --binary-path ./target/debug/deps/ \
-		-s . \
-		-t html \
-		--branch \
-		--ignore-not-existing \
-		--ignore '../*' \
-		--ignore "/*" \
-		--ignore "target/*" \
-		-o target/coverage/html
 
 .PHONY: coverage
-coverage: ## Run all the coverage tests
-coverage: coverage/test coverage/grcov
-	echo "Coverage report is in ./target/coverage/html/index.html"
+coverage: ## Run the coverage tests using cargo-tarpaulin
+	cargo tarpaulin --out Html
+	@echo "Coverage file at file://$(PWD)/tarpaulin-report.html"
+
+
+.PHONY: coveralls
+coveralls: ## Run cargo tarpaulin and upload to coveralls
+coveralls:
+	cargo tarpaulin --coveralls $(COVERALLS_REPO_TOKEN)
+	@echo "Coveralls repo information is at https://coveralls.io/github/kanidm/kanidm"
\ No newline at end of file
diff --git a/book/src/developers/faq.md b/book/src/developers/faq.md
index ea2fab6f9..6025ac335 100644
--- a/book/src/developers/faq.md
+++ b/book/src/developers/faq.md
@@ -114,3 +114,7 @@ When a service like sudo, sshd, su, etc. wants to authenticate someone, it opens
 that service, then performs authentication according to the modules defined in the pam.d config. For
 example, if you run `ls -al /etc/pam.d /usr/etc/pam.d` in SUSE, you can see the services and their
 respective pam.d config.
+
+## Test coverage
+
+We're trying to regularly get coverage reports into [Coveralls](https://coveralls.io/github/kanidm/kanidm), you can run the local testing with `make coverage` once you've installed [cargo-tarpaulin](https://crates.io/crates/cargo-tarpaulin).
diff --git a/build_rs_cov.profraw b/build_rs_cov.profraw
deleted file mode 100644
index 75521227e..000000000
Binary files a/build_rs_cov.profraw and /dev/null differ
diff --git a/examples/kanidm-safe-default b/examples/kanidm-safe-default
index 9a06b5c14..388d8a1c7 100644
--- a/examples/kanidm-safe-default
+++ b/examples/kanidm-safe-default
@@ -1,7 +1,7 @@
-## Kanidm minimal Service Configuration - /etc/kanidm/config
+# Kanidm minimal Service Configuration - /etc/kanidm/config
 # For a full example and documentation, see /usr/share/kanidm/kanidm
 # or `example/kanidm` in the source repository.
 
 # Replace this with your kanidmd URI and uncomment the line
-#uri = "https://idm.example.com"
+# uri = "https://idm.example.com"
 verify_ca = true
diff --git a/examples/unixd-safe-default b/examples/unixd-safe-default
index b231f4cd1..14d9daac3 100644
--- a/examples/unixd-safe-default
+++ b/examples/unixd-safe-default
@@ -1,17 +1,19 @@
-## Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
+# Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
 # For a full example and documentation, see /usr/share/kanidm-unixd/unixd
-# or `example/unixd` in the source repository.
+# or `example/unixd` in the source repository
 
 version = '2'
 
+[kanidm]
 # default_shell = "/bin/sh"
-
 # home_attr = "uuid"
 # home_alias = "spn"
 # use_etc_skel = false
 
-
 # Defines a set of POSIX groups where membership of any of these groups
-# will be allowed to login via PAM.
-# Replace your group below and uncomment this line:
-#pam_allowed_login_groups = ["your_posix_login_group"]
+# will be allowed to login via PAM
+#
+# WITHOUT THIS SET, NOBODY WILL BE ABLE TO LOG IN VIA PAM
+#
+# Replace your group below and uncomment this line
+# pam_allowed_login_groups = ["your_posix_login_group"]
diff --git a/scripts/test_coverage.sh b/scripts/test_coverage.sh
deleted file mode 100755
index 1898ae018..000000000
--- a/scripts/test_coverage.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ "$(rustup default | grep -cE '^nightly' )" -eq 0 ]; then
-    echo "You need to switch to rust nightly!"
-    exit 1
-fi
-
-# if [ "$(which rustfilt | wc -l )" -eq 0 ]; then
-#     echo "You need to have rustfilt on the path"
-#     echo "cargo install rustfilt"
-#     exit 1
-# fi
-if [ "$(which llvm-cov | wc -l )" -eq 0 ]; then
-    echo "You need to have llvm-cov on the path"
-    exit 1
-fi
-export CARGO_INCREMENTAL=0
-
-
-export LLVM_PROFILE_FILE
-echo "Profile files going into ${LLVM_PROFILE_FILE}"
-
-echo "Running tests"
-#shellcheck disable=SC2068
-
-LLVM_PROFILE_FILE="$(pwd)/target/profile/coverage-%p-%m.profraw" RUSTFLAGS="-C instrument-coverage" cargo test
-
-grcov . --binary-path ./target/debug/deps/ \
-    -s . \
-    -t html \
-    --branch \
-    --ignore-not-existing \
-    --ignore '../*' \
-    --ignore "/*" \
-    -o target/coverage/html
-
-
-# PROFDATA="./target/profile/kanidm.profdata"
-
-# llvm-profdata merge  ./target/profile/*.profraw -o "${PROFDATA}"
-
-# llvm-cov report --ignore-filename-regex="\.cargo" \
-#     --enable-name-compression \
-#     $( \
-#       for file in \
-#         $( \
-#           RUSTFLAGS="-C instrument-coverage" \
-#             cargo test --tests --no-run --message-format=json \
-#               | jq -r "select(.profile.test == true) | .filenames[]" \
-#               | grep -v dSYM - \
-#         ); \
-#       do \
-#         printf "%s %s " -object $file; \
-#       done \
-#     ) \
-#   --instr-profile="${PROFDATA}" --summary-only
-
-# llvm-cov show -Xdemangler=rustfilt target/debug/kanidmd \
-#     -instr-profile="${PROFDATA}" \
-#     -show-line-counts-or-regions \
-#     -show-instantiations \
-#     -name-regex="kani.*"
\ No newline at end of file
diff --git a/unix_integration/common/src/unix_config.rs b/unix_integration/common/src/unix_config.rs
index 931b6d735..02a9b43b1 100644
--- a/unix_integration/common/src/unix_config.rs
+++ b/unix_integration/common/src/unix_config.rs
@@ -141,3 +141,35 @@ impl KanidmUnixdConfig {
         })
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use std::path::PathBuf;
+
+    use super::*;
+
+    #[test]
+    fn test_load_example_configs() {
+        // Test the various included configs
+
+        let examples_dir = env!("CARGO_MANIFEST_DIR").to_string() + "/../../examples/";
+
+        for file in PathBuf::from(&examples_dir)
+            .canonicalize()
+            .expect(&format!("Can't find examples dir at {}", examples_dir))
+            .read_dir()
+            .expect("Can't read examples dir!")
+        {
+            let file = file.unwrap();
+            let filename = file.file_name().into_string().unwrap();
+            if filename.starts_with("unixd") {
+                print!("Checking that {} parses as a valid config...", filename);
+
+                KanidmUnixdConfig::new()
+                    .read_options_from_optional_config(file.path())
+                    .expect("Failed to parse");
+                println!("OK");
+            }
+        }
+    }
+}
diff --git a/unix_integration/resolver/src/unix_config.rs b/unix_integration/resolver/src/unix_config.rs
index d25fe3338..e8a739401 100644
--- a/unix_integration/resolver/src/unix_config.rs
+++ b/unix_integration/resolver/src/unix_config.rs
@@ -501,3 +501,38 @@ impl UnixdConfig {
         })
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use std::path::PathBuf;
+
+    use super::*;
+
+    #[test]
+    fn test_load_example_configs() {
+        // Test the various included configs
+
+        let examples_dir = env!("CARGO_MANIFEST_DIR").to_string() + "/../../examples/";
+
+        for file in PathBuf::from(&examples_dir)
+            .canonicalize()
+            .expect(&format!("Can't find examples dir at {}", examples_dir))
+            .read_dir()
+            .expect("Can't read examples dir!")
+        {
+            let file = file.unwrap();
+            let filename = file.file_name().into_string().unwrap();
+            if filename.starts_with("unixd") {
+                print!("Checking that {} parses as a valid config...", filename);
+
+                UnixdConfig::new()
+                    .read_options_from_optional_config(file.path())
+                    .inspect_err(|e| {
+                        println!("Failed to parse: {:?}", e);
+                    })
+                    .expect("Failed to parse!");
+                println!("OK");
+            }
+        }
+    }
+}