From 18a4111b4c9e4d53ffa3166ee0ddb6fc3ef1d0f9 Mon Sep 17 00:00:00 2001
From: Aleksandr Berkuta
Date: Mon, 19 May 2025 17:43:19 +0300
Subject: [PATCH 1/5] Add passwd_hash

Without password hash '$user:*' to `chpasswd -e` will result to inability for user to login, or change password. So I've add parameter passwd_hash for the user. Password hash could be generated via command `openssl passwd -5 your_password`.
---
 lib/tiny-cloud/user-data/cloud-config | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/tiny-cloud/user-data/cloud-config b/lib/tiny-cloud/user-data/cloud-config
index e2ebcc6..e66c064 100644
--- a/lib/tiny-cloud/user-data/cloud-config
+++ b/lib/tiny-cloud/user-data/cloud-config
@@ -285,12 +285,16 @@ init__userdata_users() {
 $MOCK adduser -D ${gecos:+-g "$gecos"} ${homedir:+-h "$homedir"} ${shell:+-s "$shell"} ${primary_group:+-G "$primary_group"} ${system:+-S} ${no_create_home:+-H} "$name"
 fi

+ if in_list hashed_passwd $keys; then
+ hashed_passwd="$(get_userdata users/$i/hashed_passwd)"
+ fi
+
 if in_list lock_passwd $keys; then
 lock_passwd="$(get_userdata users/$i/lock_passwd)"
 fi

 if [ "$lock_passwd" != "false" ]; then
- echo "$name:*" | $MOCK chpasswd -e
+ echo "${name}:${hashed_passwd}" | $MOCK chpasswd -e
 fi

 if in_list ssh_authorized_keys $keys; then
@@ -313,7 +317,7 @@ init__userdata_users() {
 for j in $(get_userdata users/$i/doas); do
 local line="$(get_userdata users/$i/doas/$j)"
 if [ -d "$ETC/doas.d" ]; then
- echo "$line" >> "$ETC/doas.d/$name.conf"
+ echo "$line" >>"$ETC/doas.d/$name.conf"
 elif [ -f "$ETC/doas.conf" ]; then
 add_once "$ETC/doas.conf" "$line"
 fi
From f52d0d6d2d5e502111e3e47787e6979ea7cc675c Mon Sep 17 00:00:00 2001
From: Aleksandr Berkuta
Date: Mon, 19 May 2025 22:07:36 +0300
Subject: [PATCH 2/5] fix: separate lock_passwd and hashed_passwd
---
 lib/tiny-cloud/user-data/cloud-config | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
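Review bot: In the first hunk of PATCH 1/5 the `chpasswd -e` line now sends `${name}:${hashed_passwd}` for every user whose `lock_passwd` is not `false`, so an entry without a `hashed_passwd` key gets `name:` with an empty hash instead of the previous `*`; chpasswd would normally store that as an empty password field rather than a locked one. `hashed_passwd` is also missing from the function's `local` list at this commit (it is only added there in PATCH 4/5), so a hash read for one user can carry over to later users in the loop. PATCH 2/5 and 4/5 change both points again, but this commit on its own is unsafe to check out, bisect to or cherry-pick. Consider squashing the series, or at least writing `echo "${name}:${hashed_passwd:-*}" | $MOCK chpasswd -e` here. The body of init__userdata_users starts and ends outside the hunk.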
diff --git a/lib/tiny-cloud/user-data/cloud-config b/lib/tiny-cloud/user-data/cloud-config
index e66c064..1463732 100644
--- a/lib/tiny-cloud/user-data/cloud-config
+++ b/lib/tiny-cloud/user-data/cloud-config
@@ -287,6 +287,7 @@ init__userdata_users() {

 if in_list hashed_passwd $keys; then
 hashed_passwd="$(get_userdata users/$i/hashed_passwd)"
+ echo "${name}:${hashed_passwd}" | $MOCK chpasswd -e
 fi

 if in_list lock_passwd $keys; then
@@ -294,7 +295,7 @@ init__userdata_users() {
 fi

 if [ "$lock_passwd" != "false" ]; then
- echo "${name}:${hashed_passwd}" | $MOCK chpasswd -e
+ echo "${name}:*" | $MOCK chpasswd -e
 fi

 if in_list ssh_authorized_keys $keys; then
From 0dc24601b2a06843acfae937b326baf204bac286 Mon Sep 17 00:00:00 2001
From: Aleksandr Berkuta
Date: Thu, 29 May 2025 16:01:51 +0300
Subject: [PATCH 3/5] Undo auto-formatted space deletions
---
 lib/tiny-cloud/user-data/cloud-config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/tiny-cloud/user-data/cloud-config b/lib/tiny-cloud/user-data/cloud-config
index 1463732..bec563c 100644
--- a/lib/tiny-cloud/user-data/cloud-config
+++ b/lib/tiny-cloud/user-data/cloud-config
@@ -294,7 +294,7 @@ init__userdata_users() {
 lock_passwd="$(get_userdata users/$i/lock_passwd)"
 fi

- if [ "$lock_passwd" != "false" ]; then
+ if [ "$lock_passwd" != "false" ] && [ -z "$hashed_passwd" ]; then
 echo "${name}:*" | $MOCK chpasswd -e
 fi

@@ -318,7 +318,7 @@ init__userdata_users() {
 for j in $(get_userdata users/$i/doas); do
 local line="$(get_userdata users/$i/doas/$j)"
 if [ -d "$ETC/doas.d" ]; then
- echo "$line" >>"$ETC/doas.d/$name.conf"
+ echo "$line" >> "$ETC/doas.d/$name.conf"
 elif [ -f "$ETC/doas.conf" ]; then
 add_once "$ETC/doas.conf" "$line"
 fi
From 6c377c76da67ff959e3d3a42237835133b1149c1 Mon Sep 17 00:00:00 2001
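Review bot: The `chpasswd -e` call added in the first hunk of PATCH 2/5 runs whenever the `hashed_passwd` key is present, without checking that the value read from user-data is non-empty. An entry with an empty `hashed_passwd:` pipes `name:` to chpasswd, and when it is combined with `lock_passwd: false` nothing later replaces it, so the account is left with an empty password field. I would wrap the call in `if [ -n "$hashed_passwd" ]; then … fi` and build the record with `printf '%s:%s\n' "$name" "$hashed_passwd" | $MOCK chpasswd -e`, since `echo` treats some values specially. A value containing a newline would also reach chpasswd as extra `user:hash` records, so rejecting multi-line values is worth considering. The enclosing function starts and ends outside the hunk.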
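Review bot: The new condition `[ "$lock_passwd" != "false" ] && [ -z "$hashed_passwd" ]` in the first hunk of PATCH 3/5 lets any `hashed_passwd` silently override `lock_passwd`, including an explicit `lock_passwd: true` and the default `lock_passwd=true` set in the function's `local` line. A user-data author who relies on the lock default therefore gets an account with a usable password as soon as a hash is supplied. If the aim is to match cloud-init, where (as I understand it) the lock is still applied on top of the stored hash, keep the hash and lock the account instead, e.g. `$MOCK passwd -l "$name"`. Otherwise state the precedence next to the check with a comment such as `# hashed_passwd takes precedence over lock_passwd (differs from cloud-init)`. The commit subject only mentions whitespace, so this behavioural change is easy to miss in history.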
From: Aleksandr Berkuta
Date: Fri, 30 May 2025 16:30:32 +0300
Subject: [PATCH 4/5] Add passwd parameter to user-data
---
 lib/tiny-cloud/user-data/cloud-config | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/tiny-cloud/user-data/cloud-config b/lib/tiny-cloud/user-data/cloud-config
index bec563c..9dbfc14 100644
--- a/lib/tiny-cloud/user-data/cloud-config
+++ b/lib/tiny-cloud/user-data/cloud-config
@@ -243,7 +243,7 @@ in_list() {
 init__userdata_users() {
 local users="$(get_userdata users)"
 for i in $users; do
- local name="" gecos="" homedir="" shell="" primary_group="" groups=""
+ local name="" gecos="" homedir="" shell="" primary_group="" groups="" passwd="" hashed_passwd=""
 local system=false no_create_home=false lock_passwd=true
 local keys="$(get_userdata users/$i)"
 if [ "$i" = 1 ] && [ "$keys" = "default" ]; then
@@ -272,6 +272,10 @@ init__userdata_users() {
 if in_list no_create_home $keys; then
 no_create_home="$(get_userdata users/$i/no_create_home)"
 fi
+ if in_list passwd $keys; then
+ passwd="$(get_userdata users/$i/passwd)"
+ echo "${user}:${passwd}" | $MOCK chpasswd -e
+ fi

 if getent passwd "$user" >/dev/null; then
 log -i -t "$phase" info "$ACTION: user $user already exists"
From 8a9f8953651fe16ca6aa85ff550f4f37dd703259 Mon Sep 17 00:00:00 2001
From: Aleksandr Berkuta
Date: Mon, 2 Jun 2025 11:24:37 +0300
Subject: [PATCH 5/5] Add tests for passwd and hashed_passwd user-data parameters
---
 tests/tiny-cloud-alpine.test | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/tests/tiny-cloud-alpine.test b/tests/tiny-cloud-alpine.test
index cef4a67..8e950aa 100755
--- a/tests/tiny-cloud-alpine.test
+++ b/tests/tiny-cloud-alpine.test
@@ -30,6 +30,8 @@ init_tests \
 userdata_users_system \
 userdata_users_no_create_home \
 userdata_users_groups \
+ userdata_users_passwd \
+ userdata_users_hashed_passwd \
 userdata_users_lock_passwd \
 userdata_users_doas \
 userdata_users_ssh_authorized_keys \
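Review bot: The `passwd` block added in the second hunk of PATCH 4/5 calls `chpasswd -e` before the `getent passwd` check that follows it, so for a user that does not exist yet the password is set before the account is created and will presumably fail or be lost; the `adduser` call sits in the branch after that check, as the context of PATCH 1/5 shows. It also addresses the account as `${user}`, whereas the other two `chpasswd` calls use `${name}` and `user` is not among the locals declared in the first hunk. The lock condition from PATCH 3/5 tests only `hashed_passwd`, so with the default `lock_passwd=true` a `passwd` value is later overwritten by `name:*` and has no effect. I would move the block below the `adduser` branch, write `"$name"`, and make the lock check treat `passwd` the same way as `hashed_passwd`. The function body continues outside the hunk.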
@@ -384,6 +386,38 @@ userdata_users_groups_body() {
 tiny-cloud main
 }

+userdata_users_passwd_body() {
+ # first specified user will replace default user
+ fake_userdata_nocloud <<-EOF
+ #alpine-config
+ users:
+ - none
+ - name: foo
+ passwd: $6$foosalt$QuhZ.r54aqCAn7mTnU4jBh9LPyuVQCa8.H0dZWCMYHVaNzsPX/heqKqI3EtnB6j.YLuaENmnlEHTiwu.iVVcG1
+ EOF
+ atf_check -e ignore -o ignore tiny-cloud early
+ atf_check \
+ -e match:"userdata_users: done" \
+ -o match:"chpasswd -e" \
+ tiny-cloud main
+}
+
+userdata_users_hashed_passwd_body() {
+ # first specified user will replace default user
+ fake_userdata_nocloud <<-EOF
+ #alpine-config
+ users:
+ - none
+ - name: foo
+ hashed_passwd: $6$foosalt$QuhZ.r54aqCAn7mTnU4jBh9LPyuVQCa8.H0dZWCMYHVaNzsPX/heqKqI3EtnB6j.YLuaENmnlEHTiwu.iVVcG1
+ EOF
+ atf_check -e ignore -o ignore tiny-cloud early
+ atf_check \
+ -e match:"userdata_users: done" \
+ -o match:"chpasswd -e" \
+ tiny-cloud main
+}
+
 userdata_users_lock_passwd_body() {
 # first specified user will replace default user
 fake_userdata_nocloud <<-EOF
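Review bot: Both new heredocs use an unquoted `<<-EOF`, so the shell expands `$6`, `$foosalt` and `$QuhZ` inside the sample hash before fake_userdata_nocloud reads it, and the fixture never contains the hash written in the test. Quote the delimiter (`<<-'EOF'`) or escape each `$`. The assertion `-o match:"chpasswd -e"` is also too weak to prove the feature: in userdata_users_passwd_body the default lock path presumably prints `chpasswd -e` as well, so the test would still pass with the `passwd` block removed. Because the record is fed to chpasswd on stdin, it likely never appears in the mocked output. Checking which account and value were set would need support from the mock, which is not visible here.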