feat: Add workspace container with claude auto-start

- Create cfg/claude.service for systemd auto-start of Claude Code
- Enable claude.service on container boot
- Update install.sh to automatically create workspace container
- Update aios.zsh to start workspace and connect when shell:true
- Add machinectl to sudoers NOPASSWD for ai user
- Workspace container starts on login, claude.service auto-runs inside

.github/workflows/release.yml

@@ -46,10 +46,12 @@ jobs:
           arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'curl -sL -o /etc/containers/registries.conf.d/ai.conf https://git.syui.ai/ai/os/raw/branch/main/cfg/ai.conf'
           arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'chsh -s /bin/zsh'
           arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'npm i -g @anthropic-ai/claude-code'
+          cp -rf ./cfg/claude.service root.x86_64/var/lib/machines/arch/etc/systemd/system/claude.service
+          arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'systemctl enable claude'
           cp -rf ./cfg/os-release root.x86_64/var/lib/machines/arch/etc/os-release
           arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'useradd -m -G wheel -s /bin/zsh ai'
           arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'echo "ai:root" | chpasswd'
-          arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'echo "%wheel ALL=(ALL:ALL) NOPASSWD: /usr/bin/pacman -Syu --noconfirm, /usr/bin/rm -rf /var/lib/pacman/db.lck, /usr/bin/poweroff, /usr/bin/reboot" >> /etc/sudoers'
+          arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'echo "%wheel ALL=(ALL:ALL) NOPASSWD: /usr/bin/pacman -Syu --noconfirm, /usr/bin/rm -rf /var/lib/pacman/db.lck, /usr/bin/poweroff, /usr/bin/reboot, /usr/bin/machinectl" >> /etc/sudoers'
           arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'mkdir -p /etc/systemd/system/getty@tty1.service.d'
           cat > root.x86_64/var/lib/machines/arch/etc/systemd/system/getty@tty1.service.d/override.conf <<'EOF'
           [Service]

build.zsh

@@ -22,6 +22,10 @@ arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'chsh -s /bin/zsh'
 # Install Claude Code
 arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'npm i -g @anthropic-ai/claude-code'
 
+# Setup Claude Code systemd service for auto-start
+cp -rf ./cfg/claude.service root.x86_64/var/lib/machines/arch/etc/systemd/system/claude.service
+arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'systemctl enable claude'
+
 # Copy os-release
 cp -rf ./cfg/os-release root.x86_64/var/lib/machines/arch/etc/os-release
 
@@ -30,7 +34,7 @@ arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'useradd -m -G wheel -s
 arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'echo "ai:root" | chpasswd'
 
 # Enable wheel group for sudo (specific commands without password)
-arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'echo "%wheel ALL=(ALL:ALL) NOPASSWD: /usr/bin/pacman -Syu --noconfirm, /usr/bin/rm -rf /var/lib/pacman/db.lck, /usr/bin/poweroff, /usr/bin/reboot" >> /etc/sudoers'
+arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'echo "%wheel ALL=(ALL:ALL) NOPASSWD: /usr/bin/pacman -Syu --noconfirm, /usr/bin/rm -rf /var/lib/pacman/db.lck, /usr/bin/poweroff, /usr/bin/reboot, /usr/bin/machinectl" >> /etc/sudoers'
 
 # Setup auto-login for user 'ai'
 arch-chroot root.x86_64/var/lib/machines/arch /bin/sh -c 'mkdir -p /etc/systemd/system/getty@tty1.service.d'

cfg/aios.zsh

@@ -18,11 +18,21 @@ SHELL_MODE=$(cat "$CONFIG_FILE" | jq -r '.shell // false')
 
 if [ "$SHELL_MODE" = "true" ]; then
     echo "aios - AI-managed OS"
-    echo "  Shell mode enabled"
+    echo "  Starting workspace container..."
     echo ""
 
-    # claudeを起動
-    if command -v claude &>/dev/null; then
-        exec claude
+    # Check if workspace exists
+    if ! sudo machinectl list-images | grep -q "^workspace"; then
+        echo "Error: workspace container not found"
+        echo "Please run install.sh first to create workspace container"
+        return
     fi
+
+    # Start workspace container
+    sudo machinectl start workspace 2>/dev/null || true
+    sleep 2
+
+    # Login to workspace (claude.service will auto-start inside)
+    echo "Connecting to workspace container..."
+    exec sudo machinectl login workspace
 fi

cfg/claude.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Claude Code AI Assistant
+After=network.target
+
+[Service]
+Type=simple
+User=ai
+WorkingDirectory=/home/ai
+Environment=HOME=/home/ai
+ExecStart=/usr/bin/claude
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target

cfg/install.sh

@@ -58,6 +58,10 @@ systemctl enable --now systemd-machined
 echo "5. Creating initial backup image..."
 machinectl clone $NAME $BACKUP
 
+# Create workspace container for AI operations
+echo "6. Creating workspace container..."
+machinectl clone $NAME workspace
+
 echo ""
 echo "=== Installation complete ==="
 echo ""