From ba3b6e480bfb966a625f7b5af121cd810f51210b Mon Sep 17 00:00:00 2001
From: Michael Trip <michael@alcatrash.net>
Date: Wed, 31 May 2023 22:15:56 +0200
Subject: [PATCH] added new image

---
 .../{mate-build.yml => fedora-mate-build.yml} |  2 +-
 .../{xfce-build.yml => fedora-xfce-build.yml} |  2 +-
 .github/workflows/ubuntu-mate-build.yml       | 77 +++++++++++++++++++
 ubuntu-mate/Dockerfile                        | 46 +++++++++++
 .../root/etc/cont-init.d/60-create-user       | 37 +++++++++
 5 files changed, 162 insertions(+), 2 deletions(-)
 rename .github/workflows/{mate-build.yml => fedora-mate-build.yml} (99%)
 rename .github/workflows/{xfce-build.yml => fedora-xfce-build.yml} (99%)
 create mode 100644 .github/workflows/ubuntu-mate-build.yml
 create mode 100644 ubuntu-mate/Dockerfile
 create mode 100644 ubuntu-mate/root/etc/cont-init.d/60-create-user

diff --git a/.github/workflows/mate-build.yml b/.github/workflows/fedora-mate-build.yml
similarity index 99%
rename from .github/workflows/mate-build.yml
rename to .github/workflows/fedora-mate-build.yml
index 5a30c6e..52e44ca 100644
--- a/.github/workflows/mate-build.yml
+++ b/.github/workflows/fedora-mate-build.yml
@@ -1,4 +1,4 @@
-name: MATE build
+name: Fedora MATE build
 
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
diff --git a/.github/workflows/xfce-build.yml b/.github/workflows/fedora-xfce-build.yml
similarity index 99%
rename from .github/workflows/xfce-build.yml
rename to .github/workflows/fedora-xfce-build.yml
index eb9ed5e..f452a20 100644
--- a/.github/workflows/xfce-build.yml
+++ b/.github/workflows/fedora-xfce-build.yml
@@ -1,4 +1,4 @@
-name: XFCE build
+name: Fedora XFCE build
 
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
diff --git a/.github/workflows/ubuntu-mate-build.yml b/.github/workflows/ubuntu-mate-build.yml
new file mode 100644
index 0000000..b0a0b01
--- /dev/null
+++ b/.github/workflows/ubuntu-mate-build.yml
@@ -0,0 +1,77 @@
+name: Ubuntu MATE build
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '39 15 * * *'
+  push:
+    branches: [ "main" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}/containerdesk-ubuntu-mate
+
+
+jobs:
+
+
+  build_mate:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Workaround: https://github.com/docker/build-push-action/issues/461
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+        with:
+          context: ./ubuntu-mate
+          file: ./ubuntu-mate/Dockerfile
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/ubuntu-mate/Dockerfile b/ubuntu-mate/Dockerfile
new file mode 100644
index 0000000..da60f9f
--- /dev/null
+++ b/ubuntu-mate/Dockerfile
@@ -0,0 +1,46 @@
+FROM ghcr.io/linuxserver/rdesktop:ubuntu-mate
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+LABEL build_version="based on Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="Michael Trip"
+
+RUN \
+  echo "**** install packages ****" && \
+  apt update && \
+  DEBIAN_FRONTEND=noninteractive apt-get install wget -y && \
+  echo "**** adding kubectl stuff ****" && \
+  curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg && \
+  echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list && \
+  echo "**** Installing vscode stuff ***" && \
+  wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg && \
+  cp packages.microsoft.gpg /etc/apt/keyrings && \
+  echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list && \
+  DEBIAN_FRONTEND=noninteractive apt-get install apt-transport-https -y &&\
+  apt-get update && \
+  DEBIAN_FRONTEND=noninteractive \
+  apt-get install --no-install-recommends -y \
+    vim \
+    neofetch \
+    libreoffice \
+    thunderbird \
+    pluma \
+    tilix \
+    terminator \
+    kubectl \
+    code && \
+  echo "**** cleanup ****" && \
+  apt-get autoclean && \
+  rm -rf \
+    /var/lib/apt/lists/* \
+    /var/tmp/* \
+    /tmp/*
+
+
+# add local files
+COPY /root /
+
+# ports and volumes
+EXPOSE 3389
+VOLUME /home
+VOLUME /config
diff --git a/ubuntu-mate/root/etc/cont-init.d/60-create-user b/ubuntu-mate/root/etc/cont-init.d/60-create-user
new file mode 100644
index 0000000..89b2aff
--- /dev/null
+++ b/ubuntu-mate/root/etc/cont-init.d/60-create-user
@@ -0,0 +1,37 @@
+#!/usr/bin/with-contenv bash
+
+
+echo "**** create ${USERNAME} user and make our folders ****" && \
+useradd -u 912 -U -d /home/${USERNAME} -s /bin/bash ${USERNAME}
+usermod -G users,sudo ${USERNAME}
+echo "${USERNAME}:${PASSWORD}" | chpasswd
+mkdir -p /home/${USERNAME}
+chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}
+
+chmod 755 /etc
+chmod 755 /etc/xrdp
+chmod 755 /etc/xrdp/sesman.ini
+
+touch /home/${USERNAME}/lock.file
+
+# create .config dir
+[[ ! -d /home/${USERNAME}/.config ]] && \
+	mkdir -p /home/${USERNAME}/.config
+
+
+cp /defaults/startwm.sh /home/${USERNAME}/startwm.sh
+chmod +x /home/${USERNAME}/startwm.sh
+chown -R ${USERNAME}:${USERAME} /home/${USERNAME}
+
+# permissions
+PERM=$(stat -c '%U' /home/${USERNAME}/.config)
+[[ "${PERM}" != "${USERNAME}" ]] && \
+        chown -R ${USERNAME}:${USERNAME} /home/${USERNAME}
+
+
+# set random password for abc user to prevent it from connecting
+
+RANDOM_PASS=`tr -dc A-Za-z0-9 </dev/urandom | head -c 13 ; echo ''`
+
+echo abc:${RANDOM_PASS} | chpasswd
+usermod -s /bin/false abc
\ No newline at end of file