diff --git a/src/modules/armbian/config b/src/modules/armbian/config
new file mode 100644
index 000000000..c74f954ca
--- /dev/null
+++ b/src/modules/armbian/config
@@ -0,0 +1,5 @@
+#!/bin/bash
+# shellcheck disable=all
+
+[ -n "$ARMBIAN_DEPS" ] || ARMBIAN_DEPS="armbian-config avahi-daemon iptables \
+bash-completion"
diff --git a/src/modules/armbian/end_chroot_script b/src/modules/armbian/end_chroot_script
new file mode 100644
index 000000000..04d93f693
--- /dev/null
+++ b/src/modules/armbian/end_chroot_script
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+# MainsailOS Specific Tweaks for armbian images
+# written by Stephan Wendel aka KwadFan
+# <me@stephanwe.de>
+# GPL V3
+########
+
+## functions
+gen_root_pw() {
+    tr -dc "[:alnum:]" < /dev/urandom | head -c 50
+}
+
+# Clean up
+# Remove autologin and lock root account
+if [ -f "/etc/systemd/system/getty@.service.d/override.conf" ]; then
+    rm -f /etc/systemd/system/getty@.service.d/override.conf
+fi
+
+# Disable autologin on serial console
+if [ -f "/etc/systemd/system/serial-getty@.service.d/override.conf" ]; then
+    sed -i 's/--autologin root //' /etc/systemd/system/serial-getty@.service.d/override.conf
+fi
+
+# Generate random root passwd
+yes "$(gen_root_pw)" | passwd root
+
+# lock root account
+sudo -u "${BASE_USER}" passwd -l root
+
+# Remove passwdless sudo
+sed -i '/'"${BASE_USER}"' ALL=(ALL:ALL) NOPASSWD:ALL/d' /etc/sudoers
diff --git a/src/modules/armbian/filesystem/root/etc/update-motd.d/10-mainsailos b/src/modules/armbian/filesystem/root/etc/update-motd.d/10-mainsailos
new file mode 100755
index 000000000..bfb846797
--- /dev/null
+++ b/src/modules/armbian/filesystem/root/etc/update-motd.d/10-mainsailos
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+#
+# Based on:
+# https://github.com/armbian/build/blob/master/packages/bsp/common/etc/update-motd.d/10-armbian-header
+
+# Copyright (c) Authors: https://www.armbian.com/authors
+#
+# This file is licensed under the terms of the GNU General Public
+# License version 2. This program is licensed "as is" without any
+# warranty of any kind, whether express or implied.
+
+# Modified by Stephan Wendel aka KwadFan
+# All changes made are public at
+# https://github.com/mainsail-crew/MainsailOS
+
+# shellcheck enable=require-variable-braces
+
+# shellcheck disable=SC1091
+[[ -f /etc/armbian-release-info.txt ]] && . /etc/armbian-release-info.txt
+
+if [[ -f /etc/armbian-distribution-status ]]; then
+    . /etc/armbian-distribution-status
+    [[ -f /etc/lsb-release ]] && DISTRIBUTION_CODENAME=$(grep CODENAME /etc/lsb-release | cut -d"=" -f2)
+    [[ -z "${DISTRIBUTION_CODENAME}" && -f /etc/os-release ]] && DISTRIBUTION_CODENAME=$(grep VERSION_CODENAME /etc/os-release | cut -d"=" -f2)
+    [[ -z "${DISTRIBUTION_CODENAME}" && -x /usr/bin/lsb_release ]] && DISTRIBUTION_CODENAME=$(/usr/bin/lsb_release -c | cut -d":" -f2 | tr -d "\t")
+    DISTRIBUTION_STATUS=$(grep "${DISTRIBUTION_CODENAME}" /etc/armbian-distribution-status | cut -d"=" -f2)
+fi
+[[ -f /etc/default/armbian-motd ]] && . /etc/default/armbian-motd
+
+for f in ${MOTD_DISABLE}; do
+    [[ "${f}" == "${THIS_SCRIPT}" ]] && exit 0
+done
+
+
+KERNELID=$(uname -r)
+
+# Odroid N2 exception
+ODROID_EXCEPTION="$(tr -d '\000' < /proc/device-tree/model | grep ODROID | grep Plus)"
+[[ -f /proc/device-tree/model ]] && [[ -n "${ODROID_EXCEPTION}" ]] && BOARD_NAME+="+"
+
+
+echo -e "\e[31m$(toilet -f big MainsailOS)\e[0m"
+echo -e "Version $(cut -d ' ' -f3 /etc/mainsailos-release), based on \
+\e[34mArmbian ${VERSION} ${DISTRIBUTION_CODENAME^}\e[0m $([[ ${BRANCH} == edge ]])"
+echo -e "Running on \e[34m$(echo ${BOARD_NAME} | sed 's/Orange Pi/OPi/' | \
+sed 's/NanoPi/NPi/' | sed 's/Banana Pi/BPi/')\e[0m with \e[34mLinux ${KERNELID}\e[0m\n"
+
+# displaying status warnings
+
+if [[ "${IMAGE_TYPE}" != "stable" ]]; then
+    [[ "${IMAGE_TYPE}" == "user-built" ]] && UNSUPPORTED_TEXT="built from trunk"
+    [[ "${IMAGE_TYPE}" == "nightly" ]] && UNSUPPORTED_TEXT="untested automated build"
+else
+    [[ "${BOARD_TYPE}" == "csc" || "${BOARD_TYPE}" == "tvb" ]] && UNSUPPORTED_TEXT="community creations"
+    [[ "${BOARD_TYPE}" == "wip" ]] && UNSUPPORTED_TEXT="work in progress"
+    [[ "${BOARD_TYPE}" == "eos" ]] && UNSUPPORTED_TEXT="end of life"
+fi
+
+if [[ -n ${DISTRIBUTION_STATUS} && ${DISTRIBUTION_STATUS} != supported ]]; then
+    [[ -n ${UNSUPPORTED_TEXT} ]] && UNSUPPORTED_TEXT+=" & "
+    UNSUPPORTED_TEXT+="unsupported (${DISTRIBUTION_CODENAME}) userspace!"
+fi
+
+if [[ -n ${UNSUPPORTED_TEXT} ]]; then
+    echo -e "\e[0;91mNo end-user support: \x1B[0m${UNSUPPORTED_TEXT}\n"
+fi
diff --git a/src/modules/armbian/start_chroot_script b/src/modules/armbian/start_chroot_script
new file mode 100644
index 000000000..48b231645
--- /dev/null
+++ b/src/modules/armbian/start_chroot_script
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# MainsailOS Specific Tweaks for armbian images
+# written by Stephan Wendel aka KwadFan
+# <me@stephanwe.de>
+# GPL V3
+########
+
+# Source error handling, leave this in place
+set -xe
+
+# Source CustomPIOS common.sh
+# shellcheck disable=SC1091
+source /common.sh
+install_cleanup_trap
+
+# Install armbian specific packages
+apt update
+# shellcheck disable=SC2086
+check_install_pkgs ${ARMBIAN_DEPS}
+
+# passwordless sudo during install
+# Will be removed in cleanup
+echo "${BASE_USER} ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+# Base User groups
+# Shameless "stolen" from
+# https://github.com/guysoft/CustomPiOS/blob/devel/src/variants/armbian/pre_chroot_script
+
+if_group_exists_run() {
+    group=$1
+    if grep -q $group /etc/group; then
+        "${@:2}"
+    fi
+}
+
+# set groups
+if_group_exists_run i2c usermod -aG i2c "${BASE_USER}"
+usermod -aG video,audio,plugdev,games,netdev,sudo "${BASE_USER}"
+
+# Patch sshd_config
+sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
+sed -i 's/^X11Forwarding/#X11Forwarding/' /etc/ssh/sshd_config
+sed -i 's/^#MaxAuthTries 6/MaxAuthTries 3/' /etc/ssh/sshd_config
+
+# Try patching first login in build stage
+if [ -f "/root/.not_logged_in_yet" ]; then
+    rm -f /root/.not_logged_in_yet
+fi
+
+# Move armbian-release to display mainsailos-release
+mv /etc/armbian-release /etc/armbian-release-info.txt
+
+# update motd
+unpack /filesystem/root /
+chmod +x /etc/update-motd.d/*
+if [ -f "/etc/default/armbian-motd" ]; then
+    sed -i 's/MOTD_DISABLE=""/MOTD_DISABLE="header"/' /etc/default/armbian-motd
+fi