refactor: make SSH additive boolean, add ide=none

SSH is now a standalone `ssh: true/false` value that starts sshd on
port 22 *in addition to* whatever IDE is running, rather than replacing
it. The `ide` value loses the `ssh` option and gains `none` (keep
container alive with no GUI IDE, useful when ssh: true is the only
access method).

- chart/values.yaml: replace `ide: ssh` with `ssh: false` boolean
- chart/templates/deployment.yaml: expose port 22 when ssh=true,
  port 5800 when ide!=none; probes use HTTP (VNC) or TCP socket (SSH-only)
- chart/templates/service.yaml: include both ports when both enabled
- scripts/cont-init-sshd.sh: check SSH=true instead of IDE=ssh
- scripts/startapp.sh: add ide=none case (sleep infinity), drop ssh case
- chart/Chart.yaml: bump to 0.1.6
- README.md: update IDE choice and SSH access docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

README.md

@@ -75,19 +75,34 @@ A Chrome browser window will open inside VNC for the Claude Max OAuth login. Cre
 |-------|---------|-------------|
 | `name` | `""` | Instance name — used in all resource names (`devcontainer-{name}`) |
 | `githubRepo` | `""` | Repository to clone into `/workspace` on startup |
-| `ide` | `vscode` | IDE to launch — `vscode`, `antigravity`, or `ssh` (see below) |
+| `ide` | `vscode` | IDE to launch — `vscode`, `antigravity`, or `none` (see below) |
+| `ssh` | `false` | Also start an OpenSSH server on port 22 (additive, any `ide`) |
 | `image.repository` | `ghcr.io/cpfarhood/devcontainer` | Container image |
 | `image.tag` | `latest` | Image tag |
 
 ### IDE choice
 
+`ide` controls what GUI is launched in the VNC session:
+
 | Value | Port | Description |
 |-------|------|-------------|
 | `vscode` (default) | 5800 (VNC) | VSCode desktop via browser-based VNC |
 | `antigravity` | 5800 (VNC) | Google Antigravity (VSCode fork with AI) via VNC |
-| `ssh` | 22 (SSH) | OpenSSH server — no VNC GUI, connect via SSH |
+| `none` | — | No IDE; container stays alive (useful when `ssh: true`) |
 
-For `ssh` mode, add your public key to the env secret:
+### SSH access
+
+`ssh: true` starts OpenSSH on port 22 **in addition to** the IDE. It works with any `ide` value:
+
+```bash
+# SSH-only (no VNC)
+helm install mydev ./chart --set name=mydev --set ide=none --set ssh=true
+
+# VSCode in VNC + SSH access at the same time
+helm install mydev ./chart --set name=mydev --set ssh=true
+```
+
+Add your public key to the env secret:
 
 ```bash
 kubectl create secret generic devcontainer-mydev-secrets-env \
@@ -95,7 +110,7 @@ kubectl create secret generic devcontainer-mydev-secrets-env \
   --from-literal=SSH_AUTHORIZED_KEYS='ssh-ed25519 AAAA...'
 ```
 
-Then connect with:
+Then connect:
 
 ```bash
 kubectl port-forward deployment/devcontainer-mydev 2222:22
@@ -159,7 +174,7 @@ With any non-`none` value, a `ServiceAccount` named `devcontainer-{name}` is cre
 ```
 Container start
   → cont-init.d/20-fix-user-shell.sh   — fix shell/home on baseimage-gui app user
-  → cont-init.d/25-start-sshd.sh       — start sshd if IDE=ssh
+  → cont-init.d/25-start-sshd.sh       — start sshd if SSH=true
   → /startapp.sh  (runs as app user, UID 1000)
       → init-repo.sh
           → clone / pull GITHUB_REPO into /workspace/{repo}
@@ -167,7 +182,8 @@ Container start
           → happy daemon start           — starts Happy Coder background daemon
       → IDE=vscode:      code --new-window --wait /workspace/{repo}
         IDE=antigravity:  antigravity --new-window --wait /workspace/{repo}
-        IDE=ssh:          sleep infinity  (sshd already running as root)
+        IDE=none:         sleep infinity
+      (SSH=true: sshd also running as root on port 22)
 ```
 
 ### Storage

chart/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: devcontainer
 description: Antigravity Dev Container with Happy Coder AI assistant
 type: application
-version: 0.1.5
+version: 0.1.6
 appVersion: "latest"

chart/templates/deployment.yaml

@@ -25,18 +25,21 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
-            {{- if eq (.Values.ide | default "vscode") "ssh" }}
-            - containerPort: 22
-              name: ssh
-              protocol: TCP
-            {{- else }}
+            {{- if ne (.Values.ide | default "vscode") "none" }}
             - containerPort: 5800
               name: vnc-web
               protocol: TCP
             {{- end }}
+            {{- if .Values.ssh }}
+            - containerPort: 22
+              name: ssh
+              protocol: TCP
+            {{- end }}
           env:
             - name: IDE
               value: {{ .Values.ide | default "vscode" | quote }}
+            - name: SSH
+              value: {{ .Values.ssh | toString | quote }}
             - name: USER_ID
               value: {{ .Values.userId | quote }}
             - name: GROUP_ID
@@ -68,7 +71,7 @@ spec:
               mountPath: /home
             - name: workspace
               mountPath: /workspace
-          {{- if ne (.Values.ide | default "vscode") "ssh" }}
+          {{- if ne (.Values.ide | default "vscode") "none" }}
           livenessProbe:
             httpGet:
               path: /
@@ -81,7 +84,7 @@ spec:
               port: 5800
             initialDelaySeconds: 10
             periodSeconds: 5
-          {{- else }}
+          {{- else if .Values.ssh }}
           livenessProbe:
             tcpSocket:
               port: 22

chart/templates/service.yaml

@@ -6,16 +6,17 @@ metadata:
     {{- include "antigravity.labels" . | nindent 4 }}
 spec:
   ports:
-    {{- if eq (.Values.ide | default "vscode") "ssh" }}
-    - port: 22
-      name: ssh
-      protocol: TCP
-      targetPort: ssh
-    {{- else }}
+    {{- if ne (.Values.ide | default "vscode") "none" }}
     - port: 5800
       name: vnc-web
       protocol: TCP
       targetPort: vnc-web
     {{- end }}
+    {{- if .Values.ssh }}
+    - port: 22
+      name: ssh
+      protocol: TCP
+      targetPort: ssh
+    {{- end }}
   selector:
     {{- include "antigravity.labels" . | nindent 4 }}

chart/values.yaml

@@ -13,10 +13,13 @@ githubRepo: ""
 # Options:
 #   vscode      — VSCode via VNC browser UI on port 5800 (default)
 #   antigravity — Google Antigravity (VSCode fork) via VNC on port 5800
-#   ssh         — OpenSSH server on port 22 (no VNC GUI)
-#                 Requires SSH_AUTHORIZED_KEYS in the env secret.
+#   none        — no IDE; useful when ssh: true is the sole access method
 ide: vscode
 
+# Start an OpenSSH server on port 22 in addition to the IDE.
+# Set SSH_AUTHORIZED_KEYS in the env secret to allow key-based login.
+ssh: false
+
 # Happy Coder endpoints
 happyServerUrl: "https://happy.farh.net"
 happyWebappUrl: "https://happy-coder.farh.net"

scripts/cont-init-sshd.sh

@@ -1,9 +1,9 @@
 #!/bin/sh
-# Start OpenSSH server for SSH IDE mode.
+# Start OpenSSH server when SSH=true.
 # Runs as root during container initialisation (cont-init.d).
-[ "${IDE:-vscode}" = "ssh" ] || exit 0
+[ "${SSH:-false}" = "true" ] || exit 0
 
-echo "=== SSH IDE mode: starting sshd ==="
+echo "=== SSH enabled: starting sshd ==="
 
 # Generate host keys if missing (first boot or ephemeral /etc/ssh)
 ssh-keygen -A 2>/dev/null || true

scripts/startapp.sh

@@ -23,8 +23,8 @@ case "$IDE" in
         echo "Opening Google Antigravity in: $WORKSPACE_DIR"
         exec antigravity --new-window --wait "$WORKSPACE_DIR"
         ;;
-    ssh)
-        echo "SSH mode: sshd started by cont-init. Keeping container alive."
+    none)
+        echo "IDE=none: no IDE launched, keeping container alive."
         exec sleep infinity
         ;;
     *)