- Restore workspace auto-entry on ai user login
- Use systemd-nspawn -q -D to enter workspace
- Start claude with --dangerously-skip-permissions (no approval needed)
- Grant wheel group full sudo access (NOPASSWD: ALL) for container operation
- ai user can perform all root operations via sudo in workspace
- Delete aios-startup script copying and sourcing
- Delete config.json creation
- Simplify .zshrc to only include claude auto-start
- Fixes claude not starting on ai user login
Changes:
- Delete cfg/setup-claude.sh (MCP setup now manual)
- Remove restore container creation (user manages backups)
- Remove workspace auto-entry from .zshrc
- Remove MCP auto-registration
- Change ai user .zshrc to run claude once on login (not exec)
- User now manually starts containers and registers MCP as needed
New flow:
1. ai user auto-login
2. claude starts once (not exec, returns to shell after exit)
3. User manually starts workspace container if needed
4. User manually registers MCP servers
- Remove incorrect nested container settings
- Audit error cannot be solved with nspawn config (kernel issue)
- Keep simple config: Boot=yes, Bind mount, no VirtualEthernet
- Works in production (aios as OS), not in test (nested container)
- Add Capability=all for full capabilities
- Add SystemCallFilter=@keyring bpf for required syscalls
- Set PrivateUsers=no to avoid user namespace issues
- Set SuppressSync=false for Docker compatibility
- Fixes audit errors in nested systemd-nspawn containers
- Replace systemd-nspawn with chroot to avoid nested container audit errors
- Add manual bind mount setup for /home/ai:/root sharing
- Add mount and chroot to sudoers permissions
- chroot avoids kernel audit subsystem conflicts in nested containers
- Replace machinectl shell with systemd-nspawn -q -D
- Add systemd-nspawn to sudoers permissions
- Simpler and more direct container entry
- No dependency on systemd-machined service
- Remove Boot=yes from workspace.nspawn configuration
- Use machinectl shell directly without starting/booting container
- Avoids "Failed to reset audit login UID" error in nested containers
- machinectl shell works with non-booted containers via namespace entry
Error: Failed to adjust UID/GID shift of OS tree
Cause: Cannot use PrivateUsers inside a container that already uses it
Solution: Remove PrivateUsers=pick from workspace.nspawn
Perfect solution for aios concept:
- workspace.nspawn: Bind=/home/ai:/root
- ai user and workspace root share the SAME home directory
- Same .zshrc, .claude.json, .config, all data/settings/history
- INSIDE_WORKSPACE env var prevents infinite loop
- Flow: ai login → enter workspace → claude starts
- All configuration and memory perfectly shared
ai user now uses workspace container's claude via wrapper function.
This ensures ai user and container root share the same:
- claude configuration
- MCP settings
- conversation history/memory
Flow:
1. ai user login → workspace starts
2. ai user runs 'claude' → calls workspace container's claude
3. Container root runs 'claude' → same claude instance
4. Configuration and memory are shared
Implemented the 3 core requirements:
1. Auto-login as ai user (already done)
2. ai user automatically starts workspace container on login
3. Container root automatically starts claude with MCP
Flow:
aios boot → ai user auto-login → workspace starts → enter workspace as root → claude auto-starts
Changes:
- ai user .zshrc: auto-start workspace and exec into it
- root .zshrc: auto-start claude with MCP
- Moved user-continer.sh to after setup-claude.sh to include all configs
- Renamed init-containers.sh to user-continer.sh
- Moved container creation from ai user first login to build.zsh
- Removed initialization check from ai user .zshrc
- Child containers (workspace, restore-img) now pre-created by root
- ai user simply uses pre-existing containers
- Simplified install.sh to just extract and mv
- Renamed root.x86_64/var/lib/machines/arch to aios
- Updated all references in build.zsh, setup-user.sh, setup-claude.sh
- Created init-containers.sh to create workspace and restore-img
- Runs automatically on ai user's first login
- Uses ~/.aios-initialized flag to run once
- Updated sudoers to allow pacstrap, arch-chroot commands
- Added pts/0-9 to /etc/securetty for systemd-nspawn login
- Enabled systemd-machined for ai user to use machinectl
- Added arch-install-scripts package for pacstrap support inside aios
Add automatic MCP registration in .zshrc that runs after .claude.json is created.
On second login, aigpt server will be automatically registered to Claude Code.
Moved essential aios components to build.zsh (base layer):
- sudoers configuration (wheel group permissions)
- aigpt install (aios core package)
- aibot install (aios core package) - renamed from 'ai' to 'aibot'
Updated module responsibilities:
- build.zsh: Arch base + aios core packages (required)
- setup-user.sh: User customization only
- setup-claude.sh: Claude MCP configuration only
Benefits:
- Clear separation: base vs customization
- aigpt/aibot always included (core aios functionality)
- Modules can be optionally skipped for customization
Separated build.zsh into 3 clear parts:
1. build.zsh (Arch Linux base construction)
- archiso bootstrap
- pacstrap base system
- install base packages
- install Claude Code
2. cfg/setup-user.sh (User setup)
- Create ai user
- Configure sudoers
- Setup auto-login
- Configure zshrc and auto-start
3. cfg/setup-claude.sh (Claude/aigpt setup)
- Install aigpt
- Configure MCP
- Setup symlinks
- Initialize database
Benefits:
- Each file has a single, clear responsibility
- Easier to maintain and modify
- Can skip/customize setup steps if needed
- GitHub Actions simplified to just run build.zsh
