From 4d2c0aebbb9e25f105690fb952e88596a64f23af Mon Sep 17 00:00:00 2001
From: "Bastian (BaM)"
Date: Mon, 15 Sep 2025 09:51:43 +0200
Subject: [PATCH] Add SSH configuration options to support environment variables for strict host key checking and known hosts file path in ssh.lua and compose.yaml
---
 compose.yaml | 2 ++
 scripts/ssh.lua | 18 ++++++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/compose.yaml b/compose.yaml
index 378e600..bde3453 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -22,6 +22,8 @@ services:
 WOL_PORT: "${WOL_PORT:-9}" # optional
 USE_LUAJIT: "${USE_LUAJIT:-true}" # optional: use LuaJIT for better performance (default: true)
 DEBUG: "${DEBUG:-false}"
+ SSH_STRICT_HOST_KEY_CHECKING: "${SSH_STRICT_HOST_KEY_CHECKING:-no}" # optional: SSH host key verification (default: no)
+ SSH_KNOWN_HOSTS_FILE: "${SSH_KNOWN_HOSTS_FILE:-/root/.ssh/known_hosts}" # optional: SSH known hosts file path (default: /root/.ssh/known_hosts)
 restart: unless-stopped
 volumes:
 - /etc/localtime:/etc/localtime:ro
diff --git a/scripts/ssh.lua b/scripts/ssh.lua
index 5c7d6e0..fa8b854 100644
--- a/scripts/ssh.lua
+++ b/scripts/ssh.lua
@@ -36,6 +41,11 @@ function ssh_module.execute(command, user, host, port, identity_file)
 -- -oConnectTimeout for faster failure
 -- -oStrictHostKeyChecking uses known_hosts; adjust if needed
 local dest = (user ~= "" and (user .. "@" .. host) or host)
+
+ -- Get SSH configuration from environment variables
+ local strict_host_key_checking = utils.getenv("SSH_STRICT_HOST_KEY_CHECKING", "yes")
+ local known_hosts_file = utils.getenv("SSH_KNOWN_HOSTS_FILE", "/root/.ssh/known_hosts")
+
 local pieces = {
 "ssh",
 "-p", tostring(port),
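Review bot: The compose default for `SSH_STRICT_HOST_KEY_CHECKING` is `no`, while `scripts/ssh.lua` in this same patch falls back to `yes`. Because compose always sets the variable, the Lua fallback never applies inside the container, so `ssh_module.execute`, which hard-coded `StrictHostKeyChecking=yes` before this patch, now runs without host key verification unless the operator overrides it. An unverified host key means the session can be intercepted by whoever answers for the target address, and commands and their output go to that party. Default to verification and make the opt-out explicit: `SSH_STRICT_HOST_KEY_CHECKING: "${SSH_STRICT_HOST_KEY_CHECKING:-yes}" # optional: SSH host key verification (default: yes)`; `accept-new` is a middle ground for first contact if the OpenSSH build in the image supports it.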
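Review bot: The two `utils.getenv` values read in the first `scripts/ssh.lua` hunk are concatenated into `-o` arguments in the second hunk without validation, and the same reads and concatenations are repeated for `execute_with_output` in the third and fourth hunks. How `pieces` is turned into a command is outside these hunks; if it is joined into a shell string, a value containing spaces or shell metacharacters changes the ssh invocation, and a mistyped mode is passed through to ssh as-is. A single module-level helper that allowlists the mode and restricts the path characters, falling back to the strict defaults, would cover both functions. The context comment `-- -oStrictHostKeyChecking uses known_hosts; adjust if needed` is also stale once the policy comes from the environment and should name the two variables instead.

```lua
-- StrictHostKeyChecking values that make sense for a non-interactive session.
local STRICT_MODES = { yes = true, ["accept-new"] = true, no = true, off = true }
local DEFAULT_KNOWN_HOSTS = "/root/.ssh/known_hosts"

-- Read the host key settings once for both execute functions and fail closed
-- on anything unexpected.
local function host_key_options()
    local mode = utils.getenv("SSH_STRICT_HOST_KEY_CHECKING", "yes")
    if not STRICT_MODES[mode] then
        mode = "yes"
    end
    local known_hosts = utils.getenv("SSH_KNOWN_HOSTS_FILE", DEFAULT_KNOWN_HOSTS)
    -- conservative path allowlist: letters, digits, '.', '_', '/', '-'
    if known_hosts:find("[^%w%._/%-]") then
        known_hosts = DEFAULT_KNOWN_HOSTS
    end
    return mode, known_hosts
end

-- in ssh_module.execute and ssh_module.execute_with_output, replacing the two utils.getenv lines:
local strict_host_key_checking, known_hosts_file = host_key_options()
-- … unchanged: local pieces = { "ssh", "-p", tostring(port), … }
```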
@@ -43,8 +48,8 @@ function ssh_module.execute(command, user, host, port, identity_file)
 "-o", "ConnectTimeout=30",
 "-o", "ServerAliveInterval=5",
 "-o", "ServerAliveCountMax=1",
- "-o", "UserKnownHostsFile=/root/.ssh/known_hosts",
- "-o", "StrictHostKeyChecking=yes",
+ "-o", "UserKnownHostsFile=" .. known_hosts_file,
+ "-o", "StrictHostKeyChecking=" .. strict_host_key_checking,
 }
 if identity_file ~= "" then
@@ -92,6 +97,11 @@ function ssh_module.execute_with_output(command, user, host, port, identity_file
 -- Build base ssh command (run locally)
 local dest = (user ~= "" and (user .. "@" .. host) or host)
+
+ -- Get SSH configuration from environment variables
+ local strict_host_key_checking = utils.getenv("SSH_STRICT_HOST_KEY_CHECKING", "yes")
+ local known_hosts_file = utils.getenv("SSH_KNOWN_HOSTS_FILE", "/root/.ssh/known_hosts")
+
 local pieces = {
 "ssh",
 "-p", tostring(port),
@@ -99,8 +109,8 @@ function ssh_module.execute_with_output(command, user, host, port, identity_file
 "-o", "ConnectTimeout=30",
 "-o", "ServerAliveInterval=5",
 "-o", "ServerAliveCountMax=1",
- -- "-o", "UserKnownHostsFile=/root/.ssh/known_hosts",
- "-o", "StrictHostKeyChecking=no",
+ "-o", "UserKnownHostsFile=" .. known_hosts_file,
+ "-o", "StrictHostKeyChecking=" .. strict_host_key_checking,
 }
 if identity_file ~= "" then
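Review bot: The last hunk changes the host key policy of `execute_with_output` without saying so. The function used a hard-coded `StrictHostKeyChecking=no` with the known-hosts option commented out, and now follows the environment with a Lua fallback of `yes`. Where the variable is unset, calls to hosts missing from the known-hosts file will start failing, which is the safer behaviour but should be stated. Where it is set to `no`, OpenSSH also adds unseen host keys to the now-active `UserKnownHostsFile`, so that file has to be writable and will accumulate unverified entries. A comment above `local pieces` would record this, for example `-- Host key policy: SSH_STRICT_HOST_KEY_CHECKING (default "yes"; this function used "no" before), known hosts from SSH_KNOWN_HOSTS_FILE`. The function body starts and ends outside the hunk.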