diff --git a/.github/workflows/ubuntu-mate-build.yml b/.github/workflows/ubuntu-mate-build.yml
new file mode 100644
index 0000000..f6eaf42
--- /dev/null
+++ b/.github/workflows/ubuntu-mate-build.yml
@@ -0,0 +1,80 @@
+name: Ubuntu MATE build
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ schedule:
+ - cron: '0 3 * * *'
+ push:
+ branches: [ "main" ]
+ paths:
+ - "ubuntu-mate/Dockerfile"
+ - ".github/workflows/ubuntu-mate-build.yml"
+ # Publish semver tags as releases.
+ tags: [ 'v*.*.*' ]
+ pull_request:
+ branches: [ "main" ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}/containerdesk-ubuntu-mate
+
+
+jobs:
+
+ build_mate:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Workaround: https://github.com/docker/build-push-action/issues/461
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+ with:
+ context: ./ubuntu-mate
+ file: ./ubuntu-mate/Dockerfile
+ platforms: linux/amd64
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
diff --git a/ubuntu-mate/Dockerfile b/ubuntu-mate/Dockerfile
new file mode 100644
index 0000000..e458af8
--- /dev/null
+++ b/ubuntu-mate/Dockerfile
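Review bot: In `.github/workflows/ubuntu-mate-build.yml` the `build_mate` job grants `id-token: write`, but no step in the file requests an OIDC token — the sigstore/fulcio comment has no signing step behind it — so the permission is unused and should be removed until a signing step exists. `actions/checkout@v3` is also the only action referenced by a mutable tag, while the four docker/* actions are pinned to commit SHAs; pin it the same way, `uses: actions/checkout@<full-commit-sha>  # v3`. As written, the image pushed by the nightly schedule carries neither a signature nor build provenance, so consumers of the ghcr.io image have no way to verify where it was built.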
@@ -0,0 +1,78 @@
+FROM lscr.io/linuxserver/rdesktop:ubuntu-mate
+# set version label
+ARG BUILD_DATE
+# ARG BUILDARCH
+ARG TARGETARCH
+ARG VERSION
+ARG KUBECTL_VERSION=1.32.2
+ARG HELM_VERSION=3.15.2
+ARG HEADLAMP_VERSION=0.37.0
+ARG K9S_VERSION=0.50.16
+ARG FREELENS_VERSION=1.6.1
+LABEL build_version="based on Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="Michael Trip"
+WORKDIR /tmp
+# USER root
+# Download all packages and install everything in one layer
+RUN \
+ echo "**** Update package lists and install base tools ****" && \
+ DEBIAN_FRONTEND=noninteractive apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y curl wget gnupg2 ca-certificates apt-transport-https && \
+ echo "**** Download external packages ****" && \
+ case ${TARGETARCH} in \
+ "amd64") DOWNLOAD_ARCH=linux-amd64 ;; \
+ "arm64") DOWNLOAD_ARCH=linux-arm64 ;; \
+ esac && \
+ curl -L https://github.com/freelensapp/freelens/releases/download/v${FREELENS_VERSION}/Freelens-${FREELENS_VERSION}-${DOWNLOAD_ARCH}.deb -o /tmp/freelens.deb && \
+ curl -L https://github.com/derailed/k9s/releases/download/v${K9S_VERSION}/k9s_Linux_${TARGETARCH}.tar.gz -o /tmp/k9s.tar.gz && \
+ curl -L https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl -o /usr/local/bin/kubectl && \
+ chmod +x /usr/local/bin/kubectl && \
+ curl -L https://get.helm.sh/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -o /tmp/helm.tar.gz && \
+ curl -L https://github.com/kubernetes-sigs/headlamp/releases/download/v${HEADLAMP_VERSION}/headlamp_${HEADLAMP_VERSION}-1_${TARGETARCH}.deb -o /tmp/headlamp.deb && \
+ echo "**** Setup VS Code repository ****" && \
+ wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg && \
+ cp packages.microsoft.gpg /etc/apt/keyrings && \
+ echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list && \
+ apt-get update && \
+ echo "**** Install all packages ****" && \
+ mkdir -p /usr/share/man/man1 && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y \
+ vim \
+ neofetch \
+ chromium \
+ pluma \
+ tilix \
+ xdg-utils \
+ man-db \
+ default-jre-headless \
+ openjdk-17-jre-headless \
+ libreoffice-writer \
+ libreoffice-calc \
+ libreoffice-impress \
+ libreoffice-draw \
+ thunderbird \
+ gnome-themes-extra \
+ gnome-themes-extra-data \
+ code && \
+ echo "**** Install downloaded packages and extract tools ****" && \
+ apt-get install -y /tmp/freelens.deb && \
+ apt-get install -y /tmp/headlamp.deb && \
+ tar -zxvf /tmp/k9s.tar.gz && \
+ tar -zxvf /tmp/helm.tar.gz && \
+ mv linux-${TARGETARCH}/helm /usr/local/bin/helm && \
+ mv /tmp/k9s /usr/local/bin && \
+ echo "**** Cleanup ****" && \
+ apt-get autoclean && \
+ rm -rf \
+ /var/lib/apt/lists/* \
+ /var/tmp/* \
+ /tmp/*
+
+
+
+COPY /root /
+
+# ports and volumes
+EXPOSE 3389
+VOLUME /home
+VOLUME /config
diff --git a/ubuntu-mate/root/etc/cont-init.d/60-create-user b/ubuntu-mate/root/etc/cont-init.d/60-create-user
new file mode 100755
index 0000000..89b2aff
--- /dev/null
+++ b/ubuntu-mate/root/etc/cont-init.d/60-create-user
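Review bot: In `ubuntu-mate/Dockerfile` the five `curl -L` downloads in the RUN step (freelens, k9s, kubectl, helm, headlamp) are installed with no integrity check, and kubectl is written straight to `/usr/local/bin` and marked executable, so a replaced or corrupted release asset would be baked into every scheduled image. Pin a digest per artifact and verify it before installing, for example add `ARG KUBECTL_SHA256=<sha256 of the pinned kubectl binary>` and follow the download with `echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum -c -`, and do the same for the other four files. Use `curl -fsSL` so an HTTP error fails the build instead of saving the error body under the target name. The `case ${TARGETARCH}` block has no default branch, so on any other architecture `DOWNLOAD_ARCH` stays empty and the freelens URL is malformed; adding `*) echo "unsupported arch" >&2; exit 1 ;;` makes that explicit.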
@@ -0,0 +1,37 @@
+#!/usr/bin/with-contenv bash
+
+
+echo "**** create ${USERNAME} user and make our folders ****" && \
+useradd -u 912 -U -d /home/${USERNAME} -s /bin/bash ${USERNAME}
+usermod -G users,sudo ${USERNAME}
+echo "${USERNAME}:${PASSWORD}" | chpasswd
+mkdir -p /home/${USERNAME}
+chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}
+
+chmod 755 /etc
+chmod 755 /etc/xrdp
+chmod 755 /etc/xrdp/sesman.ini
+
+touch /home/${USERNAME}/lock.file
+
+# create .config dir
+[[ ! -d /home/${USERNAME}/.config ]] && \
+ mkdir -p /home/${USERNAME}/.config
+
+
+cp /defaults/startwm.sh /home/${USERNAME}/startwm.sh
+chmod +x /home/${USERNAME}/startwm.sh
+chown -R ${USERNAME}:${USERAME} /home/${USERNAME}
+
+# permissions
+PERM=$(stat -c '%U' /home/${USERNAME}/.config)
+[[ "${PERM}" != "${USERNAME}" ]] && \
+ chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}
+
+
+# set random password for abc user to prevent it from connecting
+
+RANDOM_PASS=`tr -dc A-Za-z0-9