kms-website: auto-fetch + auto-install GVLKs (no manual key lookup)

Scripts now detect the running edition and fetch the matching GVLK from a
published key list instead of requiring the user to copy one from the table.

- data/products.yaml: add editionid to every Windows/Server entry, plus build
  numbers where an EditionID spans releases (LTSC, Server). Azure Edition left
  unmapped on purpose (collides with Datacenter; KMS may fail there anyway).
- /keys.json: Hugo KEYS output format renders products.yaml as JSON
  (single source of truth). layouts/index.keys.json.
- setup-kms.ps1: when no VL key is installed, read registry EditionID
  (+build/ProductType for server) -> fetch /keys.json -> slmgr /ipk the match
  -> activate. Only acts when not already licensed (never clobbers retail).
- kms-bootstrap.ps1: same for Windows; for Office/Project/Visio, read
  Click-to-Run ProductReleaseIds -> ospp /inpkey the matching GVLK -> /act.
- $env:KMS_KEYS_URL overrides the key-list URL.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

static/scripts/kms-bootstrap.ps1

@@ -3,6 +3,8 @@
 # Interactive KMS activator. Asks what you want to activate (Windows /
 # already-installed Office / Project / Visio) and runs only what you confirm.
 # Points each product at the public KMS host (default: vlmcs.viktorbarzin.me:1688).
+# When a Volume License key is missing it auto-detects the edition/product and
+# fetches the matching GVLK from the published key list (no manual key lookup).
 #
 # Usage:
 #   iwr -UseBasicParsing https://kms.viktorbarzin.me/scripts/kms-bootstrap.ps1 | iex
@@ -20,7 +22,8 @@
 [CmdletBinding()]
 param(
     [string]$KmsHost = $(if ($env:KMS_HOST) { $env:KMS_HOST } else { 'vlmcs.viktorbarzin.me' }),
-    [int]   $KmsPort = $(if ($env:KMS_PORT) { [int]$env:KMS_PORT } else { 1688 })
+    [int]   $KmsPort = $(if ($env:KMS_PORT) { [int]$env:KMS_PORT } else { 1688 }),
+    [string]$KeysUrl = $(if ($env:KMS_KEYS_URL) { $env:KMS_KEYS_URL } else { 'https://kms.viktorbarzin.me/keys.json' })
 )
 
 $ErrorActionPreference = 'Stop'
@@ -83,17 +86,50 @@ function Get-WindowsLicense {
     [pscustomobject]@{ Licensed = ($p.LicenseStatus -eq 1); DaysLeft = [int]([math]::Round($p.GracePeriodRemaining / 1440)) }
 }
 
+# Fetch the published GVLK list once (single source of truth, no hardcoding).
+$script:KeysCache = $null
+function Get-Keys {
+    if ($script:KeysCache) { return $script:KeysCache }
+    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+    try { $script:KeysCache = (Invoke-WebRequest -UseBasicParsing -Uri $KeysUrl -TimeoutSec 20).Content | ConvertFrom-Json }
+    catch { Warn "Could not fetch the key list from $KeysUrl"; $script:KeysCache = $null }
+    return $script:KeysCache
+}
+
+# Auto-select the GVLK for THIS machine's edition (registry EditionID, locale-
+# independent; narrowed by build for LTSC/Server which share an EditionID).
+function Resolve-WindowsGvlk {
+    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -ErrorAction SilentlyContinue
+    if (-not $cv) { return $null }
+    $editionId = $cv.EditionID; $build = "$($cv.CurrentBuildNumber)"
+    $isServer = $false
+    try { $isServer = ((Get-CimInstance Win32_OperatingSystem -ErrorAction Stop).ProductType -ne 1) } catch {}
+    $keys = Get-Keys; if (-not $keys) { return $null }
+    $pool = if ($isServer) { $keys.windows_server } else { $keys.windows }
+    $m = $pool | Where-Object { $_.editionid -eq $editionId -and ( -not $_.builds -or ($_.builds -contains $build) ) } | Select-Object -First 1
+    if ($m) { Write-Host "    detected $editionId (build $build) -> $($m.edition)"; return $m.gvlk }
+    Write-Host "    no published GVLK matches EditionID '$editionId' (build $build)"
+    return $null
+}
+
 function Activate-Windows {
     Step "Windows activation"
     $slmgr = "$env:WINDIR\System32\slmgr.vbs"
     & cscript //Nologo $slmgr /skms "$KmsHost`:$KmsPort" | Out-Host
     if ($LASTEXITCODE -ne 0) { Bad "slmgr /skms failed"; return }
     $lic = Get-WindowsLicense
-    if ($null -eq $lic) { Bad "No Volume License Windows SKU - install a GVLK first (slmgr /ipk <GVLK>)."; return }
-    if ($lic.Licensed) { OK "Windows already licensed ($($lic.DaysLeft) days) - host pinned, skipping /ato"; return }
+    if ($lic -and $lic.Licensed) { OK "Windows already licensed ($($lic.DaysLeft) days) - host pinned, skipping /ato"; return }
+    if ($null -eq $lic) {
+        Step "No Volume License key - fetching the GVLK for this edition"
+        $gvlk = Resolve-WindowsGvlk
+        if (-not $gvlk) { Bad "Couldn't auto-select a GVLK. Pick one from https://kms.viktorbarzin.me/#windows and run: slmgr /ipk <GVLK>"; return }
+        Write-Host "    installing GVLK $gvlk"
+        & cscript //Nologo $slmgr /ipk $gvlk | Out-Host
+        if ($LASTEXITCODE -ne 0) { Bad "slmgr /ipk failed"; return }
+    }
     & cscript //Nologo $slmgr /ato | Out-Host
     $lic = Get-WindowsLicense
-    if ($lic.Licensed) { OK "Windows licensed ($($lic.DaysLeft) days)" }
+    if ($lic -and $lic.Licensed) { OK "Windows licensed ($($lic.DaysLeft) days)" }
     else { Bad "Windows not licensed - likely not a VL edition (Home/retail/OEM reject KMS). See https://kms.viktorbarzin.me/#faq" }
 }
 if ($doWin) { Activate-Windows }
@@ -113,6 +149,16 @@ function Find-Ospp {
     return $null
 }
 
+# Installed Click-to-Run Volume products, e.g. ProPlus2024Volume, VisioPro2024Volume.
+# These IDs match the `product` field in the published key list exactly.
+function Get-OfficeReleaseIds {
+    $c = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration' -ErrorAction SilentlyContinue
+    if ($c -and $c.ProductReleaseIds) {
+        return $c.ProductReleaseIds.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ -match 'Volume$' }
+    }
+    return @()
+}
+
 function Activate-Ospp([string]$label) {
     $ospp = Find-Ospp
     if (-not $ospp) {
@@ -126,9 +172,19 @@ function Activate-Ospp([string]$label) {
     # in ospp output is a fixed literal, not localized).
     $st = & cscript //Nologo $ospp /dstatus 2>&1 | Out-String
     if ($st -match '---LICENSED---') { OK "$label already licensed - host set, skipping /act"; return }
+    # Not licensed: install the matching GVLK for each installed VL product of
+    # this family (Office = anything that isn't Project/Visio), fetched from the list.
+    $rels = Get-OfficeReleaseIds | Where-Object {
+        switch ($label) { 'Project' { $_ -match 'Project' } 'Visio' { $_ -match 'Visio' } default { $_ -notmatch 'Project|Visio' } }
+    }
+    $keys = Get-Keys
+    foreach ($rel in $rels) {
+        $k = if ($keys) { ($keys.office | Where-Object { $_.product -eq $rel } | Select-Object -First 1).gvlk } else { $null }
+        if ($k) { Write-Host "    $rel -> installing GVLK $k"; & cscript //Nologo $ospp /inpkey:$k | Out-Host }
+    }
     & cscript //Nologo $ospp /act | Out-Host
     $st = & cscript //Nologo $ospp /dstatus 2>&1 | Out-String
-    if ($st -match '---LICENSED---') { OK "$label licensed" } else { Warn "$label status not LICENSED yet (no VL Office SKU? See https://kms.viktorbarzin.me/#office)" }
+    if ($st -match '---LICENSED---') { OK "$label licensed" } else { Warn "$label status not LICENSED yet (no VL $label SKU installed? See https://kms.viktorbarzin.me/#office)" }
 }
 if ($doOfficeAct) { Activate-Ospp 'Office'  }
 if ($doProjAct)   { Activate-Ospp 'Project' }