From 5aece92a4143aaad0992dc67ab48f5b24d460e0c Mon Sep 17 00:00:00 2001
From: Aleksandr Berkuta <Aleksandr.Berkuta@x5.ru>
Date: Mon, 19 May 2025 17:43:19 +0300
Subject: [PATCH 1/5] Add passwd_hash

Without password hash '$user:*' to `chpasswd -e` will result to
inability for user to login, or change password. So I've add parameter
passwd_hash for the user. Password hash could be generated via command
`openssl passwd -5 your_password`.
---
 lib/tiny-cloud/user-data/cloud-config | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/tiny-cloud/user-data/cloud-config b/lib/tiny-cloud/user-data/cloud-config
index c389b90..8406ac4 100644
--- a/lib/tiny-cloud/user-data/cloud-config
+++ b/lib/tiny-cloud/user-data/cloud-config
@@ -286,12 +286,16 @@ init__userdata_users() {
 			$MOCK adduser -D ${gecos:+-g "$gecos"} ${homedir:+-h "$homedir"} ${shell:+-s "$shell"} ${primary_group:+-G "$primary_group"} ${system:+-S} ${no_create_home:+-H} "$name"
 		fi
 
+		if in_list hashed_passwd $keys; then
+			hashed_passwd="$(get_userdata users/$i/hashed_passwd)"
+		fi
+
 		if in_list lock_passwd $keys; then
 			lock_passwd="$(get_userdata users/$i/lock_passwd)"
 		fi
 
 		if [ "$lock_passwd" != "false" ]; then
-			echo "$name:*" | $MOCK chpasswd -e
+			echo "${name}:${hashed_passwd}" | $MOCK chpasswd -e
 		fi
 
 		if in_list ssh_authorized_keys $keys; then
@@ -314,7 +318,7 @@ init__userdata_users() {
 			for j in $(get_userdata users/$i/doas); do
 				local line="$(get_userdata users/$i/doas/$j)"
 				if [ -d "$ETC/doas.d" ]; then
-					echo "$line" >> "$ETC/doas.d/$name.conf"
+					echo "$line" >>"$ETC/doas.d/$name.conf"
 				elif [ -f "$ETC/doas.conf" ]; then
 					add_once "$ETC/doas.conf" "$line"
 				fi

From f84f2c090c50ef0938566b7a48f05d80022eb6ca Mon Sep 17 00:00:00 2001
From: Aleksandr Berkuta <Aleksandr.Berkuta@x5.ru>
Date: Mon, 19 May 2025 22:07:36 +0300
Subject: [PATCH 2/5] fix: separate lock_passwd and hashed_passwd

---
 lib/tiny-cloud/user-data/cloud-config | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/tiny-cloud/user-data/cloud-config b/lib/tiny-cloud/user-data/cloud-config
index 8406ac4..2e3cd74 100644
--- a/lib/tiny-cloud/user-data/cloud-config
+++ b/lib/tiny-cloud/user-data/cloud-config
@@ -288,6 +288,7 @@ init__userdata_users() {
 
 		if in_list hashed_passwd $keys; then
 			hashed_passwd="$(get_userdata users/$i/hashed_passwd)"
+			echo "${name}:${hashed_passwd}" | $MOCK chpasswd -e
 		fi
 
 		if in_list lock_passwd $keys; then
@@ -295,7 +296,7 @@ init__userdata_users() {
 		fi
 
 		if [ "$lock_passwd" != "false" ]; then
-			echo "${name}:${hashed_passwd}" | $MOCK chpasswd -e
+			echo "${name}:*" | $MOCK chpasswd -e
 		fi
 
 		if in_list ssh_authorized_keys $keys; then

From e243abc2abe9e55f47995db59456feec415fb600 Mon Sep 17 00:00:00 2001
From: Aleksandr Berkuta <Aleksandr.Berkuta@x5.ru>
Date: Thu, 29 May 2025 16:01:51 +0300
Subject: [PATCH 3/5] Undo auto-formatted space deletions

---
 lib/tiny-cloud/user-data/cloud-config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/tiny-cloud/user-data/cloud-config b/lib/tiny-cloud/user-data/cloud-config
index 2e3cd74..c363056 100644
--- a/lib/tiny-cloud/user-data/cloud-config
+++ b/lib/tiny-cloud/user-data/cloud-config
@@ -295,7 +295,7 @@ init__userdata_users() {
 			lock_passwd="$(get_userdata users/$i/lock_passwd)"
 		fi
 
-		if [ "$lock_passwd" != "false" ]; then
+		if [ "$lock_passwd" != "false" ] && [ -z "$hashed_passwd" ]; then
 			echo "${name}:*" | $MOCK chpasswd -e
 		fi
 
@@ -319,7 +319,7 @@ init__userdata_users() {
 			for j in $(get_userdata users/$i/doas); do
 				local line="$(get_userdata users/$i/doas/$j)"
 				if [ -d "$ETC/doas.d" ]; then
-					echo "$line" >>"$ETC/doas.d/$name.conf"
+					echo "$line" >> "$ETC/doas.d/$name.conf"
 				elif [ -f "$ETC/doas.conf" ]; then
 					add_once "$ETC/doas.conf" "$line"
 				fi

From 36eef1bb1446f777beb961d00100610647a5b886 Mon Sep 17 00:00:00 2001
From: Aleksandr Berkuta <Aleksandr.Berkuta@x5.ru>
Date: Fri, 30 May 2025 16:30:32 +0300
Subject: [PATCH 4/5] Add passwd parameter to user-data

---
 lib/tiny-cloud/user-data/cloud-config | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/tiny-cloud/user-data/cloud-config b/lib/tiny-cloud/user-data/cloud-config
index c363056..ab09880 100644
--- a/lib/tiny-cloud/user-data/cloud-config
+++ b/lib/tiny-cloud/user-data/cloud-config
@@ -244,7 +244,7 @@ in_list() {
 init__userdata_users() {
 	local i users="$(get_userdata users)"
 	for i in $users; do
-		local name="" gecos="" homedir="" shell="" primary_group="" groups=""
+		local name="" gecos="" homedir="" shell="" primary_group="" groups="" passwd="" hashed_passwd=""
 		local system=false no_create_home=false lock_passwd=true
 		local keys="$(get_userdata users/$i)"
 		if [ "$i" = 1 ] && [ "$keys" = "default" ]; then
@@ -273,6 +273,10 @@ init__userdata_users() {
 		if in_list no_create_home $keys; then
 			no_create_home="$(get_userdata users/$i/no_create_home)"
 		fi
+		if in_list passwd $keys; then
+			passwd="$(get_userdata users/$i/passwd)"
+			echo "${user}:${passwd}" | $MOCK chpasswd -e
+		fi
 
 		if getent passwd "$user" >/dev/null; then
 			log -i -t "$phase" info "$ACTION: user $user already exists"

From 2ee4edc6e5c6a0715bcf317b1457c67b19fba2c3 Mon Sep 17 00:00:00 2001
From: Aleksandr Berkuta <Aleksandr.Berkuta@x5.ru>
Date: Mon, 2 Jun 2025 11:24:37 +0300
Subject: [PATCH 5/5] Add tests for passwd and hashed_passwd user-data
 parameters

---
 tests/tiny-cloud-alpine.test | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/tests/tiny-cloud-alpine.test b/tests/tiny-cloud-alpine.test
index cef4a67..8e950aa 100755
--- a/tests/tiny-cloud-alpine.test
+++ b/tests/tiny-cloud-alpine.test
@@ -30,6 +30,8 @@ init_tests \
 	userdata_users_system \
 	userdata_users_no_create_home \
 	userdata_users_groups \
+	userdata_users_passwd \
+	userdata_users_hashed_passwd \
 	userdata_users_lock_passwd \
 	userdata_users_doas \
 	userdata_users_ssh_authorized_keys \
@@ -384,6 +386,38 @@ userdata_users_groups_body() {
 		tiny-cloud main
 }
 
+userdata_users_passwd_body() {
+	# first specified user will replace default user
+	fake_userdata_nocloud <<-EOF
+		#alpine-config
+		users:
+		  - none
+		  - name: foo
+		    passwd: $6$foosalt$QuhZ.r54aqCAn7mTnU4jBh9LPyuVQCa8.H0dZWCMYHVaNzsPX/heqKqI3EtnB6j.YLuaENmnlEHTiwu.iVVcG1
+	EOF
+	atf_check -e ignore -o ignore tiny-cloud early
+	atf_check \
+		-e match:"userdata_users: done" \
+		-o match:"chpasswd -e" \
+		tiny-cloud main
+}
+
+userdata_users_hashed_passwd_body() {
+	# first specified user will replace default user
+	fake_userdata_nocloud <<-EOF
+		#alpine-config
+		users:
+		  - none
+		  - name: foo
+		    hashed_passwd: $6$foosalt$QuhZ.r54aqCAn7mTnU4jBh9LPyuVQCa8.H0dZWCMYHVaNzsPX/heqKqI3EtnB6j.YLuaENmnlEHTiwu.iVVcG1
+	EOF
+	atf_check -e ignore -o ignore tiny-cloud early
+	atf_check \
+		-e match:"userdata_users: done" \
+		-o match:"chpasswd -e" \
+		tiny-cloud main
+}
+
 userdata_users_lock_passwd_body() {
 	# first specified user will replace default user
 	fake_userdata_nocloud <<-EOF