Tymeslot is configured entirely through environment variables. The repository ships with aDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Tymeslot/tymeslot/llms.txt
Use this file to discover all available pages before exploring further.
.env.example file that acts as a canonical template — copy it to .env, fill in the values you need, and leave commented-out optional variables at their defaults. Shell environment variables always win over .env values, so any variable you set in your container runtime or orchestrator takes precedence automatically.
Required settings
These three variables must be set before Tymeslot will start. The application raises a hard error at boot if any of them is missing.Signing and encryption key for cookies, tokens, and other secrets. Must be at least 64 characters. Generate with:
Your public domain name, e.g.
tymeslot.yourdomain.com. Used to build absolute URLs in emails, OAuth redirect URIs, and calendar webhook callbacks. Do not include a scheme or trailing slash.Password for the PostgreSQL user. For the embedded database this can be any strong value; for an external database it must match the credentials of the pre-existing user. Generate with:
Dedicated AES-256-GCM key for encrypting credentials at rest, independent of Once set it must stay stable across restarts. After adding it to an existing install, run the re-encryption sweep described in the Data Encryption guide.Default: key derived from
SECRET_KEY_BASE. Setting it lets you rotate SECRET_KEY_BASE without making stored calendar tokens, CalDAV passwords, and API keys undecryptable. Generate with:SECRET_KEY_BASE (a startup warning is logged if this is unset).Application settings
TCP port the Phoenix HTTP server listens on inside the container.
IP address the HTTP server binds to. Common values:
| Value | Behaviour |
|---|---|
:: | All IPv4 and IPv6 interfaces (default) |
0.0.0.0 | All IPv4 interfaces only |
127.0.0.1 | Localhost only — use this behind a reverse proxy |
URL scheme for generated links. Set to
http only for local or internal deployments without TLS. Production deployments should leave this at https.Comma-separated list of origins allowed to open a LiveView WebSocket connection. Defaults to origins derived from
PHX_HOST (both http:// and https:// variants plus localhost:4000). Override when you serve the app under multiple hostnames.Example: https://yourdomain.com,https://www.yourdomain.comSet to
false to disable new user registration. Applies to all authentication methods including SSO and social login.Set to
false to disable email/password authentication entirely. Useful when you want users to log in exclusively via SSO or social login. Disable registration alongside this (REGISTRATION_ENABLED=false) to create a fully SSO-only instance.DNS SRV query for multi-node Erlang clustering. Leave unset for single-node deployments (the default for most self-hosters).
Database settings
PostgreSQL hostname. When set to
localhost or 127.0.0.1, Tymeslot uses the embedded PostgreSQL that runs inside the Docker container. Any other value tells the container to skip starting embedded PostgreSQL and connect to the external host instead.PostgreSQL port.
PostgreSQL database name.
PostgreSQL username.
Ecto database connection pool size. The runtime default is
60, which is sized to support Tymeslot’s background job concurrency (Oban workers). Raise it for very high-traffic deployments and ensure your PostgreSQL max_connections stays above this value — the embedded PostgreSQL defaults to max_connections=100, leaving headroom for administrative connections.Email configuration
Email delivery backend. Valid values:
| Value | Behaviour |
|---|---|
test | Silently discards all mail — default, not suitable for production |
smtp | Deliver via SMTP using the SMTP_* variables below |
postmark | Deliver via Postmark API using POSTMARK_API_KEY |
Sender display name shown in recipients’ email clients.
Sender email address. Set this to an address on your own domain for production deployments.
Support contact address shown in email footers. Defaults to
EMAIL_FROM_ADDRESS when unset.Recipient address for contact-form submissions. Defaults to
EMAIL_FROM_ADDRESS when unset.Postmark server API key. Required when
EMAIL_ADAPTER=postmark. Sign up at postmarkapp.com.SMTP server hostname, e.g.
smtp.gmail.com. Required when EMAIL_ADAPTER=smtp.SMTP server port.
587 (STARTTLS) is the standard value for most providers.SMTP authentication username. Required when
EMAIL_ADAPTER=smtp.SMTP authentication password or app-specific password. Required when
EMAIL_ADAPTER=smtp.OAuth integrations
These credentials power calendar sync and video conferencing integrations. They are required only when users connect the corresponding integration; leave them unset to disable those options in the UI.Google OAuth 2.0 client ID. Enables Google Calendar sync and Google Meet video. Create credentials at console.cloud.google.com. Redirect URI:
https://yourdomain.com/auth/google/callbackGoogle OAuth 2.0 client secret.
Random string used as a CSRF state parameter for the Google OAuth flow. Self-generated — not provided by Google. Generate with
openssl rand -base64 32.Microsoft Azure app registration client ID. One app covers both Outlook Calendar and Microsoft Teams. Register at portal.azure.com → Microsoft Entra ID → App registrations. Add both redirect URIs:
https://yourdomain.com/auth/outlook/calendar/callbackhttps://yourdomain.com/auth/teams/video/callback
Microsoft Azure app client secret value (from Certificates & secrets).
Random string used as a CSRF state parameter for the Microsoft OAuth flow. Self-generated — not provided by Microsoft. Generate with
openssl rand -base64 32.Calendar sync webhooks
Public HTTPS base URL that Google and Microsoft use to deliver real-time calendar change notifications (Google push channels and Outlook Graph subscriptions). Format:
https://tymeslot.yourdomain.com — scheme and host only, no trailing slash.When unset, calendar sync falls back to polling every 15 minutes. Only set this when the host is reachable from the public internet over HTTPS; providers perform a validation handshake against this URL during registration.Allow CalDAV and self-hosted video integrations whose hostname resolves to a private, loopback, or link-local address. In production, outbound requests to such hosts are blocked as SSRF protection. Set to
true if you self-host your CalDAV server (e.g. Nextcloud, Radicale) or video provider on a private network. This switch does not affect webhook delivery — see ALLOW_PRIVATE_IPS_FOR_WEBHOOKS.Allow outbound webhook deliveries to URLs whose hostname resolves to a private, loopback, or link-local address. In production these are blocked as SSRF protection. Set to
true only if you deliberately route webhooks to internal services. Deliberately separate from ALLOW_PRIVATE_IPS_FOR_CALENDAR so relaxing calendar SSRF does not silently open webhooks to internal hosts.Social authentication
Enable Google login and signup. Requires
GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET. Setting this to false still allows users to connect Google Calendar — social auth and calendar integration are independent.Enable GitHub login and signup. Requires
GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET.GitHub OAuth app client ID. Required when
ENABLE_GITHUB_AUTH=true. Create an OAuth App at GitHub → Settings → Developer settings. Callback URL: https://yourdomain.com/auth/github/callbackGitHub OAuth app client secret. Required when
ENABLE_GITHUB_AUTH=true.Enable generic OAuth 2.0 / OIDC login for SSO with providers such as Keycloak, Authentik, or Lemonldap::NG. All
OAUTH_* variables below become required when this is true.Generic OAuth 2.0 / OIDC client ID. Required when
ENABLE_OAUTH_AUTH=true.Generic OAuth 2.0 / OIDC client secret. Required when
ENABLE_OAUTH_AUTH=true.Base URL of your identity provider, e.g.
https://keycloak.example.com. Required when ENABLE_OAUTH_AUTH=true.Authorization endpoint. Must be HTTPS. Required when
ENABLE_OAUTH_AUTH=true.Token endpoint. Must be HTTPS. Required when
ENABLE_OAUTH_AUTH=true.Userinfo endpoint. Must be HTTPS. Required when
ENABLE_OAUTH_AUTH=true.Space-separated OAuth scopes to request.
Accept
id or user_id as the subject claim when the IdP omits sub. Enable only for non-OIDC providers that do not return a sub claim.reCAPTCHA v3
Public reCAPTCHA v3 site key used in the browser. Required when
RECAPTCHA_SIGNUP_ENABLED=true or RECAPTCHA_BOOKING_ENABLED=true. Sign up at google.com/recaptcha/admin.Private reCAPTCHA v3 secret key used server-side for score verification. Required when either reCAPTCHA feature flag is enabled.
Enable reCAPTCHA v3 protection on the signup form.
Enable reCAPTCHA v3 protection on the booking form.
Minimum reCAPTCHA score to accept a signup submission as human. Range
0.0 (likely bot) to 1.0 (likely human).Minimum reCAPTCHA score to accept a booking submission as human.
reCAPTCHA action name used for signup form verification.
reCAPTCHA action name used for booking form verification.
Comma-separated list of hostnames to validate in the reCAPTCHA response. Leave unset to skip hostname validation.
HTTP/HTTPS proxy
Outbound proxy for HTTP requests. Format:
http://[user:password@]host:port. Both HTTP_PROXY and http_proxy are supported; uppercase takes precedence.Outbound proxy for HTTPS requests. Format:
http://[user:password@]host:port. Applies to all external API calls: Google Calendar, Microsoft Graph, CalDAV, OAuth, and webhook deliveries.Comma-separated hosts, domains, or CIDRs to bypass the proxy. Supports wildcards (
*.internal.com) and CIDR notation (10.0.0.0/8).Example: localhost,127.0.0.1,*.internal.company.com,10.0.0.0/8Telegram notifications
Enable the Telegram notification integration in own-bot mode. When enabled, users can connect their personal Telegram bot to receive booking notifications by supplying their own bot token and chat ID.
Slack notifications
Enable Slack notification integration in webhook-URL mode. When
true and no SLACK_CLIENT_ID is provided, users can paste an Incoming Webhook URL from their own Slack app.Slack App client ID for OAuth mode. Setting this enables Slack notifications and activates the “Add to Slack” OAuth button in the dashboard. Create a Slack App at api.slack.com/apps with scopes
chat:write, chat:write.public, channels:read, groups:read, team:read. Redirect URL: <your-domain>/api/slack/oauth/callbackSlack App client secret. Required alongside
SLACK_CLIENT_ID to activate full OAuth mode.Admin alerts
Enable operational admin alerts delivered by email. When enabled, Tymeslot emails
ADMIN_ALERT_EMAIL on events such as webhook processing failures, integration health issues, and background job errors. Both this flag and ADMIN_ALERT_EMAIL must be set for delivery.Recipient address for admin alert emails. Required when
ADMIN_ALERTS_ENABLED=true.Example: admin@yourdomain.comBooking analytics
Secret that keys the cookie-less daily visitor fingerprint. Required only when booking analytics is enabled (
config :tymeslot, :booking_analytics_enabled, true). The app fails fast at boot if analytics is enabled and this variable is missing.Generate once and keep constant across deployments — changing it re-hashes the same visitor and double-counts uniques:Stripe payments
Stripe secret API key. Required when
MEETING_PAYMENTS_ENABLED=true. Enables paid booking sessions via Stripe Connect.Stripe webhook signing secret for verifying incoming webhook events. Recommended when Stripe is enabled; without it, webhook signature verification is disabled (a warning is logged at startup).
Stripe Connect webhook signing secret, separate from the platform webhook secret. Used to verify events from connected accounts.
Opt in to the meeting payments feature. Requires
STRIPE_SECRET_KEY and STRIPE_CONNECT_WEBHOOK_SECRET.Default two-letter ISO country code for Stripe Connect onboarding, e.g.
us. When unset, users select their country during onboarding.Platform application fee in basis points (100 = 1%). Range
0–10000. Defaults to 0 so no platform cut is taken unless the operator explicitly sets a value.