From e78595096c1cb956602796c6b4b692e58458ff99 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Thu, 21 May 2026 15:38:56 -0400 Subject: feat(calendar-sync): resolve .ics feed URLs from auth-source A calendar's .ics feed URL is a secret token, so I'd rather not keep it in a plaintext config file. A calendar can now name a :secret-host, and calendar-sync--calendar-url looks the URL up in auth-source (~/.authinfo.gpg) at sync time. Inline :url still works and wins when both are set, so existing configs are unaffected. I added 7 tests covering the explicit-url, string-secret, function-secret, precedence, and no-match paths, and switched the .example template to the :secret-host shape. --- calendar-sync.local.el.example | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'calendar-sync.local.el.example') diff --git a/calendar-sync.local.el.example b/calendar-sync.local.el.example index ba84603b..c4646659 100644 --- a/calendar-sync.local.el.example +++ b/calendar-sync.local.el.example @@ -1,8 +1,8 @@ ;;; calendar-sync.local.el.example --- Template for private calendar config -*- lexical-binding: t; -*- ;; Copy this file to `calendar-sync.local.el' (sibling of init.el) and -;; replace the placeholder URLs with your actual private ICS feed -;; addresses. The real file is gitignored; the template is tracked. +;; replace the placeholders with your actual private ICS feeds. The real +;; file is gitignored; the template is tracked. ;; ;; How it works: ;; - `modules/calendar-sync.el' defines `calendar-sync-private-config-file' @@ -13,6 +13,16 @@ ;; - `user-constants' is required earlier in init.el, so `gcal-file', ;; `pcal-file', and `dcal-file' are bound when this file is evaluated. ;; +;; Two ways to give each .ics calendar its feed URL: +;; :secret-host - PREFERRED. An auth-source host whose secret holds the +;; feed URL, looked up in ~/.authinfo.gpg (encrypted at +;; rest, and distributed with your other authinfo entries). +;; The .ics URL is itself a secret token, so it belongs in +;; the encrypted store. Add a line like: +;; machine calendar-google login me password https://...ics +;; :url - the feed URL inline (plaintext in this file). If both +;; are set, :url wins. +;; ;; Where to find the private .ics URL: ;; - Google Calendar: Settings -> Your Calendar -> Integrate calendar -> ;; "Secret address in iCal format" (regenerate if leaked). @@ -21,13 +31,13 @@ (setq calendar-sync-calendars `((:name "google" - :url "https://calendar.google.com/calendar/ical/YOUR_ADDRESS%40gmail.com/private-XXXXXXXXXX/basic.ics" + :secret-host "calendar-google" :file ,gcal-file) (:name "proton" - :url "https://calendar.proton.me/api/calendar/v1/url/XXXXXXXX/calendar.ics?CacheKey=XXXXXXXX&PassphraseKey=XXXXXXXX" + :secret-host "calendar-proton" :file ,pcal-file) (:name "deepsat" - :url "https://calendar.google.com/calendar/ical/YOUR_WORK_ADDRESS%40example.com/private-XXXXXXXXXX/basic.ics" + :secret-host "calendar-deepsat" :file ,dcal-file))) (provide 'calendar-sync.local) -- cgit v1.2.3