Compare commits


21 Commits

Author SHA1 Message Date
18d2860397 fix ai user
Some checks failed
build and push image / Release (push) Failing after 1m18s
2025-11-09 05:26:32 +09:00
syui
66b416ebde Merge pull request #9 from syui/claude/aios-initial-direction-011CUrcij89bjpsbc7k8wQeo
Claude/aios initial direction 011 c urcij89bjpsbc7k8w qeo
2025-11-09 05:22:58 +09:00
Claude
b7b59f593a refactor: Enable workspace auto-entry with full sudo and skip permissions
- Restore workspace auto-entry on ai user login
- Use systemd-nspawn -q -D to enter workspace
- Start claude with --dangerously-skip-permissions (no approval needed)
- Grant wheel group full sudo access (NOPASSWD: ALL) for container operation
- ai user can perform all root operations via sudo in workspace
2025-11-08 20:17:02 +00:00
Claude
3d86677dd2 fix: Add network configuration to install.sh
- Create /etc/systemd/nspawn/aios.nspawn during installation
- Set Network Private=no to share host network
- Allows claude to connect to api.anthropic.com
- Fixes EAI_AGAIN network error
2025-11-08 19:44:20 +00:00
Claude
c20c49d5e0 fix: Remove unnecessary aios.zsh and config.json
- Delete aios-startup script copying and sourcing
- Delete config.json creation
- Simplify .zshrc to only include claude auto-start
- Fixes claude not starting on ai user login
2025-11-08 19:42:18 +00:00
syui
c93f972c4a Merge pull request #8 from syui/claude/aios-initial-direction-011CUrcij89bjpsbc7k8wQeo
Claude/aios initial direction 011 c urcij89bjpsbc7k8w qeo
2025-11-08 22:27:22 +09:00
Claude
5d7f06282e refactor: Simplify startup - user manages containers and MCP
Changes:
- Delete cfg/setup-claude.sh (MCP setup now manual)
- Remove restore container creation (user manages backups)
- Remove workspace auto-entry from .zshrc
- Remove MCP auto-registration
- Change ai user .zshrc to run claude once on login (not exec)
- User now manually starts containers and registers MCP as needed

New flow:
1. ai user auto-login
2. claude starts once (not exec, returns to shell after exit)
3. User manually starts workspace container if needed
4. User manually registers MCP servers
2025-11-08 13:04:28 +00:00
Claude
2162463382 Revert workspace.nspawn to simple configuration
- Remove incorrect nested container settings
- Audit error cannot be solved with nspawn config (kernel issue)
- Keep simple config: Boot=yes, Bind mount, no VirtualEthernet
- Works in production (aios as OS), not in test (nested container)
2025-11-07 20:00:21 +00:00
Claude
f965547b6c fix: Add nested container support to workspace.nspawn
- Add Capability=all for full capabilities
- Add SystemCallFilter=@keyring bpf for required syscalls
- Set PrivateUsers=no to avoid user namespace issues
- Set SuppressSync=false for Docker compatibility
- Fixes audit errors in nested systemd-nspawn containers
2025-11-07 19:54:07 +00:00
Claude
d3ea2cc78d Revert: Restore Boot=yes and machinectl start workspace
- Restore Boot=yes in workspace.nspawn
- Restore machinectl start workspace in .zshrc
- Boot method is necessary for proper systemd environment
2025-11-07 19:06:30 +00:00
Claude
66f3fe4045 Revert to systemd-nspawn without manual bind mount
- Remove chroot approach
- Use systemd-nspawn -q -D directly
- workspace.nspawn config (Bind mount) will be automatically applied
- Simpler and cleaner approach
2025-11-07 19:02:01 +00:00
Claude
30ebfcf933 refactor: Use chroot instead of systemd-nspawn for workspace entry
- Replace systemd-nspawn with chroot to avoid nested container audit errors
- Add manual bind mount setup for /home/ai:/root sharing
- Add mount and chroot to sudoers permissions
- chroot avoids kernel audit subsystem conflicts in nested containers
2025-11-07 18:59:08 +00:00
Claude
66a5c6d16f refactor: Use systemd-nspawn directly instead of machinectl
- Replace machinectl shell with systemd-nspawn -q -D
- Add systemd-nspawn to sudoers permissions
- Simpler and more direct container entry
- No dependency on systemd-machined service
2025-11-07 18:57:53 +00:00
syui
62db018527 Merge pull request #7 from syui/claude/aios-initial-direction-011CUrcij89bjpsbc7k8wQeo
Claude/aios initial direction 011 c urcij89bjpsbc7k8w qeo
2025-11-08 03:28:49 +09:00
Claude
111fa7b828 fix: Remove Boot requirement from workspace to avoid audit error
- Remove Boot=yes from workspace.nspawn configuration
- Use machinectl shell directly without starting/booting container
- Avoids "Failed to reset audit login UID" error in nested containers
- machinectl shell works with non-booted containers via namespace entry
2025-11-07 18:14:24 +00:00
Claude
7b0cb8e183 fix: Remove PrivateUsers from workspace.nspawn to fix nested container issue
Error: Failed to adjust UID/GID shift of OS tree
Cause: Cannot use PrivateUsers inside a container that already uses it
Solution: Remove PrivateUsers=pick from workspace.nspawn
2025-11-07 18:05:16 +00:00
syui
2d98f58232 Merge pull request #6 from syui/claude/aios-initial-direction-011CUrcij89bjpsbc7k8wQeo
Claude/aios initial direction 011 c urcij89bjpsbc7k8w qeo
2025-11-08 02:33:23 +09:00
Claude
fe1f150634 refactor: Rename restore-img to restore
2025-11-07 17:30:25 +00:00
Claude
e62288c872 fix: Add backup step in user-continer.sh to prevent recursion
Without backup, cp -a root.x86_64 root.x86_64/var/lib/machines/workspace
creates incomplete containers (only var/ directory).

Solution: Backup before creating /var/lib/machines directory, then copy
the clean backup to workspace and restore-img.
2025-11-07 17:29:35 +00:00
syui
fd922287c0 Merge pull request #5 from syui/claude/aios-initial-direction-011CUrcij89bjpsbc7k8wQeo
chore: Clean up source directories after building aigpt and aibot
2025-11-08 02:18:06 +09:00
Claude
2773101035 chore: Clean up source directories after building aigpt and aibot
Remove gpt/ and bot/ directories after copying binaries to save disk space.
2025-11-07 17:17:05 +00:00
5 changed files with 35 additions and 107 deletions


@@ -63,17 +63,18 @@ arch-chroot root.x86_64 /bin/sh -c 'npm i -g @anthropic-ai/claude-code'
# Copy os-release
cp -rf ./cfg/os-release root.x86_64/etc/os-release
# Configure sudoers for wheel group
# Configure sudoers for wheel group (full access for container operation)
echo "Configuring sudoers..."
arch-chroot root.x86_64 /bin/sh -c 'echo "%wheel ALL=(ALL:ALL) NOPASSWD: /usr/bin/pacman, /usr/bin/pacstrap, /usr/bin/arch-chroot, /usr/bin/rm, /usr/bin/mkdir, /usr/bin/mv, /usr/bin/cp, /usr/bin/poweroff, /usr/bin/reboot, /usr/bin/machinectl, /bin/bash" >> /etc/sudoers'
arch-chroot root.x86_64 /bin/sh -c 'echo "%wheel ALL=(ALL:ALL) NOPASSWD: /usr/bin/pacman -Syu --noconfirm, /usr/bin/poweroff, /usr/bin/reboot" >> /etc/sudoers'
arch-chroot root.x86_64 /bin/sh -c 'echo "ai ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers'
# Install aigpt (aios core package)
echo "Installing aigpt..."
arch-chroot root.x86_64 /bin/sh -c 'git clone https://git.syui.ai/ai/gpt && cd gpt && cargo build --release && cp -rf ./target/release/aigpt /bin/'
arch-chroot root.x86_64 /bin/sh -c 'git clone https://git.syui.ai/ai/gpt && cd gpt && cargo build --release && cp -rf ./target/release/aigpt /bin/ && cd .. && rm -rf gpt'
# Install aibot (aios core package)
echo "Installing aibot..."
arch-chroot root.x86_64 /bin/sh -c 'git clone https://git.syui.ai/ai/bot && cd bot && cargo build && cp -rf ./target/debug/aibot /bin/ && aibot ai'
arch-chroot root.x86_64 /bin/sh -c 'git clone https://git.syui.ai/ai/bot && cd bot && cargo build && cp -rf ./target/debug/aibot /bin/ && aibot ai && cd .. && rm -rf bot'
echo "✓ Arch Linux base complete"
echo ""
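Review bot: the new `ai ALL=(ALL:ALL) NOPASSWD: ALL` line gives the auto-login ai user unrestricted passwordless root, so the `%wheel` rule beside it that keeps only `/usr/bin/pacman -Syu --noconfirm, /usr/bin/poweroff, /usr/bin/reboot` restricts nothing in practice; the only privileged command the .zshrc hunk below actually needs is `systemd-nspawn -q -D /var/lib/machines/workspace`, so list that one command (with its arguments) for the ai user instead of `ALL`. The older rule already contained `/bin/bash`, which was equivalent to full root, so the baseline was no better, but this is the change to tighten it rather than codify it. Separately, every line is appended to `/etc/sudoers` with `>>` and never validated: a second run of install.sh duplicates the entries and a typo locks sudo out entirely; write them to `/etc/sudoers.d/aios` and check them with `visudo -cf` inside the chroot. The commit message for b7b59f593a says the wheel group gets `NOPASSWD: ALL`, while the diff grants that to the ai user; keep the message and the sudoers comment in sync.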
@@ -86,14 +87,7 @@ bash ./cfg/setup-user.sh
echo ""
# ============================================
# 3. Claude & aigpt Setup
# ============================================
bash ./cfg/setup-claude.sh
echo ""
# ============================================
# 4. Create child containers (after all configuration)
# 3. Create workspace container (after all configuration)
# ============================================
bash ./cfg/user-continer.sh
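Review bot: dropping `bash ./cfg/setup-claude.sh` also drops the only step that copied mcp.json and config.toml into the rootfs and set WAL mode on memory.db (see the deleted file further down), and install.sh now says nothing about what replaces it. The commit message states MCP setup is manual from here on, so add a line to the "Usage:" output or a comment at this point naming the manual step (for example the `claude mcp add aigpt aigpt server` call that the removed .zshrc snippet used) so the omission reads as intended rather than as a forgotten call. The section renumbering from 4 to 3 is fine.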


@@ -11,6 +11,17 @@ tar xf "$TARBALL"
mkdir -p /var/lib/machines
mv root.x86_64 /var/lib/machines/$NAME
# Create aios.nspawn for network access
echo "Creating network configuration..."
mkdir -p /etc/systemd/nspawn
cat > /etc/systemd/nspawn/$NAME.nspawn <<'EOF'
[Exec]
Boot=yes
[Network]
Private=no
EOF
echo "=== Installation complete ==="
echo ""
echo "Usage:"
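Review bot: `Private=no` places the aios container in the host's network namespace, so everything inside it, including the ai user who has passwordless root via the sudoers change in install.sh, can see and bind every host interface and port; the commit message only needs outbound access to api.anthropic.com. The narrower option is `VirtualEthernet=yes` with forwarding or NAT configured on the host, which keeps the container's own namespace; if sharing the host network is the deliberate choice, say so in the comment above the heredoc (the current "for network access" hides the trade-off). The quoted `<<'EOF'` is correct here because nothing inside the heredoc needs expansion.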


@@ -1,50 +0,0 @@
#!/bin/bash
# Claude Code MCP setup for aios
# Configures MCP, sets up shared memory
ROOTFS="root.x86_64"
echo "=== Claude MCP Setup ==="
# Setup Claude Code MCP configuration (shared via symlink)
echo "Configuring MCP..."
# Create actual config in syui/ai/claude (bind-mounted)
arch-chroot $ROOTFS /bin/sh -c 'mkdir -p /root/.config/syui/ai/claude'
cat > $ROOTFS/root/.config/syui/ai/claude/claude_desktop_config.json <<'EOF'
{
"mcpServers": {
"aigpt": {
"command": "aigpt",
"args": ["server", "--enable-layer4"]
}
}
}
EOF
# Create symlink for root
arch-chroot $ROOTFS /bin/sh -c 'ln -sf /root/.config/syui/ai/claude /root/.config/claude'
# Setup for ai user too
arch-chroot $ROOTFS /bin/sh -c 'mkdir -p /home/ai/.config/syui/ai/claude'
arch-chroot $ROOTFS /bin/sh -c 'cp /root/.config/syui/ai/claude/claude_desktop_config.json /home/ai/.config/syui/ai/claude/'
arch-chroot $ROOTFS /bin/sh -c 'ln -sf /home/ai/.config/syui/ai/claude /home/ai/.config/claude'
arch-chroot $ROOTFS /bin/sh -c 'chown -R ai:ai /home/ai/.config/syui'
# Create config directory
arch-chroot $ROOTFS /bin/sh -c 'mkdir -p /root/.config/syui/ai/gpt'
# Copy MCP and aios configuration
echo "Copying configuration files..."
cp -rf ./cfg/mcp.json $ROOTFS/root/.config/syui/ai/mcp.json
cp -rf ./cfg/config.toml $ROOTFS/root/.config/syui/ai/config.toml
# Initialize aigpt database with WAL mode
echo "Initializing aigpt database..."
arch-chroot $ROOTFS /bin/sh -c 'aigpt server --enable-layer4 &'
sleep 2
arch-chroot $ROOTFS /bin/sh -c 'pkill aigpt'
arch-chroot $ROOTFS /bin/sh -c 'if command -v sqlite3 &>/dev/null; then sqlite3 /root/.config/syui/ai/gpt/memory.db "PRAGMA journal_mode=WAL; PRAGMA synchronous=NORMAL;"; fi'
# Note: claude auto-start is configured in ai user's .zshrc (shared with workspace root via bind mount)
echo "✓ Claude MCP setup complete"
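Review bot: the init sequence this deletion removes was racy and reached outside the chroot, so removing it is the right call: `aigpt server --enable-layer4 &` was backgrounded inside an `arch-chroot ... /bin/sh -c`, followed by a fixed `sleep 2` and `pkill aigpt`, and because arch-chroot shares the host's /proc that pkill matches any process named aigpt on the build host, not just the one in the rootfs. What goes with it is the `PRAGMA journal_mode=WAL; PRAGMA synchronous=NORMAL;` on memory.db and the per-user claude_desktop_config.json; if aigpt still expects WAL mode, apply that pragma where aigpt first creates the database (or inside aigpt itself) instead of relying on an install-time side effect that no longer exists.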


@@ -36,7 +36,6 @@ mkdir -p $ROOTFS/etc/systemd/nspawn
cat > $ROOTFS/etc/systemd/nspawn/workspace.nspawn <<'EOF'
[Exec]
Boot=yes
PrivateUsers=pick
ResolvConf=copy-host
[Files]
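Review bot: removing `PrivateUsers=pick` removes the UID/GID shift, so root inside workspace is uid 0 of the aios container rather than a remapped range; combined with `Boot=yes` and the `[Files]` bind mounts this file sets up, a process that is root in workspace now owns whatever it writes to the shared paths as real root. The commit message gives the reason (nested PrivateUsers fails with "Failed to adjust UID/GID shift of OS tree"), so record that trade-off in a comment next to `Boot=yes` so nobody re-adds the setting or assumes the user-namespace isolation still exists; since the outer aios container is already an nspawn guest, running claude as an unprivileged user inside workspace would recover some of that separation.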
@@ -62,28 +61,19 @@ cp -rf ./cfg/zshrc $ROOTFS/root/.zshrc
# Copy .zshrc for user 'ai'
cp -rf ./cfg/zshrc $ROOTFS/home/ai/.zshrc
# Add workspace container auto-start and entry (shared .zshrc for ai user and workspace root)
# Add workspace auto-entry and claude auto-start
cat >> $ROOTFS/home/ai/.zshrc <<'EOF'
# MCP auto-setup (run once after .claude.json is created)
if [[ -f ~/.claude.json ]] && ! grep -q '"aigpt"' ~/.claude.json 2>/dev/null; then
if command -v claude &>/dev/null && command -v aigpt &>/dev/null; then
claude mcp add aigpt aigpt server &>/dev/null || true
fi
fi
# aios concept: container from start (ai user and workspace root share this .zshrc)
# aios: auto-enter workspace container
if [[ -o login ]] && [[ -o interactive ]]; then
if [[ -z "$INSIDE_WORKSPACE" ]]; then
# Running as ai user on aios OS - enter workspace container
# Enter workspace container
export INSIDE_WORKSPACE=1
sudo machinectl start workspace 2>/dev/null || true
sleep 1
exec sudo machinectl shell workspace
exec sudo systemd-nspawn -q -D /var/lib/machines/workspace /bin/zsh
else
# Running as root inside workspace container - start claude
# Inside workspace - start claude with skip permissions
if command -v claude &>/dev/null; then
claude
claude --dangerously-skip-permissions
fi
fi
fi
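Review bot: the recursion guard in this hunk depends on `INSIDE_WORKSPACE` surviving `exec sudo systemd-nspawn ...`; with sudo's default `env_reset` the variable is dropped, so the shared .zshrc (bind-mounted into workspace's /root) sees it unset inside the container and tries to enter the workspace again from within it. Pass it explicitly, e.g. `sudo systemd-nspawn -q -D /var/lib/machines/workspace --setenv=INSIDE_WORKSPACE=1 /bin/zsh`, or detect being inside the container some other way; also check that the zsh nspawn spawns counts as a login shell, since the whole block is gated on `[[ -o login ]]` and a plain `/bin/zsh` argument may not set that, in which case claude never starts. On `claude --dangerously-skip-permissions`: this runs as root in a container that no longer has a user-namespace shift and shares the host network, so the flag removes the last approval step between the model and root on the aios side; if unattended operation is required, run claude as a non-root user inside workspace and bind-mount only a path that user owns.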
@@ -91,24 +81,4 @@ EOF
arch-chroot $ROOTFS /bin/sh -c 'chown ai:ai /home/ai/.zshrc'
# Copy aios startup script
cp -rf ./cfg/aios.zsh $ROOTFS/usr/local/bin/aios-startup
arch-chroot $ROOTFS /bin/sh -c 'chmod +x /usr/local/bin/aios-startup'
# Create default config directory and file for user 'ai'
arch-chroot $ROOTFS /bin/sh -c 'mkdir -p /home/ai/.config/syui/ai/os'
cat > $ROOTFS/home/ai/.config/syui/ai/os/config.json <<'EOF'
{
"shell": false
}
EOF
arch-chroot $ROOTFS /bin/sh -c 'chown -R ai:ai /home/ai/.config'
# Update .zshrc to source startup script
cat >> $ROOTFS/home/ai/.zshrc <<'EOF'
# aios startup
source /usr/local/bin/aios-startup
EOF
echo "✓ User setup complete"


@@ -1,20 +1,23 @@
#!/bin/bash
# Create child containers inside aios for ai user
# Simply copy the aios itself as child containers
# Create workspace container inside aios for ai user
# Backup aios before creating /var/lib/machines to avoid recursion
ROOTFS="root.x86_64"
echo "=== Creating child containers ==="
echo "=== Creating workspace container ==="
# Backup current aios to temp location (before creating /var/lib/machines)
echo "Backing up aios..."
cp -a $ROOTFS /tmp/aios-backup-$$
# Create directory for child containers
mkdir -p $ROOTFS/var/lib/machines
# Copy aios as workspace
# Copy backup as workspace
echo "Creating workspace container..."
cp -a $ROOTFS $ROOTFS/var/lib/machines/workspace
cp -a /tmp/aios-backup-$$ $ROOTFS/var/lib/machines/workspace
# Copy aios as restore-img
echo "Creating restore-img container..."
cp -a $ROOTFS $ROOTFS/var/lib/machines/restore-img
# Cleanup temp backup
rm -rf /tmp/aios-backup-$$
echo "✓ Child containers created"
echo "✓ Workspace container created"
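Review bot: `cp -a $ROOTFS /tmp/aios-backup-$$` assumes that path does not exist yet; if it does (a predictable `$$`-based name in world-writable /tmp, or a leftover from an earlier run that died before the `rm -rf`), `cp -a` copies root.x86_64 into it as a subdirectory and the later copy into `$ROOTFS/var/lib/machines/workspace` yields a container with the wrong layout, the same class of breakage this commit is fixing. Use `mktemp -d` for the backup directory, copy the contents with `cp -a "$ROOTFS"/. "$backup"/`, and remove it from a `trap ... EXIT` so a failed copy does not leave a full rootfs behind; note also that /tmp is often a tmpfs and may not hold an entire root filesystem. Dropping the restore-img copy matches the description in commit c93f972c4a.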