ConfigLMM 0.2.0 → 0.4.0

data/Plugins/Apps/Vaultwarden/Vaultwarden.container

@@ -0,0 +1,16 @@
+[Unit]
+Description=vaultwarden container
+After=local-fs.target
+
+[Container]
+AutoUpdate=registry
+Image=ghcr.io/dani-garcia/vaultwarden:latest
+Exec=/start.sh
+EnvironmentFile=/var/lib/vaultwarden/.config/containers/systemd/Vaultwarden.env
+Network=slirp4netns:allow_host_loopback=true
+PublishPort=0.0.0.0:18000:8000
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/var/lib/vaultwarden/data/:/data/
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/Vaultwarden/Vaultwarden.lmm.rb

@@ -5,8 +5,13 @@ module ConfigLMM
     module LMM
         class Vaultwarden < Framework::NginxApp
 
+            NAME = 'Vaultwarden'
+            USER = 'vaultwarden'
+            HOME_DIR = '/var/lib/vaultwarden'
+            SERVICE_PORT = '18000'
+
             def actionVaultwardenBuild(id, target, state, context, options)
-                writeNginxConfig(__dir__, 'Vaultwarden', id, target, state, context, options)
+                writeNginxConfig(__dir__, NAME, id, target, state, context, options)
             end
 
             def actionVaultwardenDiff(id, target, activeState, context, options)
@@ -14,8 +19,46 @@ module ConfigLMM
             end
 
             def actionVaultwardenDeploy(id, target, activeState, context, options)
-                if !target['Location'] || target['Location'] == '@me'
-                    deployNginxConfig(id, target, activeState, context, options)
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    self.class.sshStart(uri) do |ssh|
+                        if !target.key?('Proxy') || target['Proxy'] != 'only'
+                            distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
+                            Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'Vaultwarden', distroInfo, ssh)
+                            self.class.sshExec!(ssh, "su --login #{USER} --shell /bin/sh --command 'mkdir -p ~/data'")
+                            path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
+                            self.class.sshExec!(ssh, "echo 'ROCKET_PORT=8000' > #{path}/Vaultwarden.env")
+                            if target['Domain']
+                                self.class.sshExec!(ssh, "echo 'DOMAIN=https://#{target['Domain']}' >> #{path}/Vaultwarden.env")
+                            end
+                            target['Signups'] = false unless target['Signups']
+                            self.class.sshExec!(ssh, "echo 'SIGNUPS_ALLOWED=#{target['Signups'].to_s}' >> #{path}/Vaultwarden.env")
+                            if target.key?('Invitations')
+                                self.class.sshExec!(ssh, "echo 'INVITATIONS_ALLOWED=#{target['Invitations'].to_s}' >> #{path}/Vaultwarden.env")
+                            end
+                            if ENV.key?('VAULTWARDEN_ADMIN_TOKEN')
+                                token = ENV['VAULTWARDEN_ADMIN_TOKEN']
+                                token = SecureRandom.alphanumeric(40) if token.empty?
+                                self.class.sshExec!(ssh, "echo 'ADMIN_TOKEN=#{token}' >> #{path}/Vaultwarden.env")
+                            end
+                            self.class.sshExec!(ssh, "chown #{USER}:#{USER} #{path}/Vaultwarden.env")
+                            self.class.sshExec!(ssh, "chmod 600 #{path}/Vaultwarden.env")
+
+                            ssh.scp.upload!(__dir__ + '/Vaultwarden.container', path)
+                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ daemon-reload")
+                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ start Vaultwarden")
+                            if target['Proxy'] != 'only'
+                                Framework::LinuxApp.firewallAddPortOverSSH(SERVICE_PORT + '/tcp', ssh)
+                            end
+                        end
+                        if !target.key?('Proxy') || !!target['Proxy']
+                            self.class.prepareNginxConfig(target, ssh)
+                            writeNginxConfig(__dir__, NAME, id, target, state, context, options)
+                            deployNginxConfig(id, target, activeState, context, options)
+                        end
+                    end
+                else
+                    # TODO
                     activeState['Location'] = '@me'
                 end
             end

data/Plugins/Apps/Wiki.js/Wiki.js.conf.erb

@@ -0,0 +1,42 @@
+
+server {
+
+    <% if !config['TLS'] %>
+        listen       <%= config['Port'] %>;
+        listen  [::]:<%= config['Port'] %>;
+    <% else %>
+        <% if config['NginxVersion'] >= 1.25 %>
+            listen <%= config['Port'] %> ssl;
+            listen [::]:<%= config['Port'] %> ssl;
+            http2 on;
+            http3 on;
+            quic_retry on;
+            add_header Alt-Svc 'h3=":<%= config['Port'] %>"; ma=86400';
+        <% else %>
+            listen <%= config['Port'] %> ssl http2;
+            listen [::]:<%= config['Port'] %> ssl http2;
+        <% end %>
+
+        include config-lmm/ssl.conf;
+    <% end %>
+
+    server_name <%= config['Domain'] %>;
+
+    access_log  /var/log/nginx/wikijs.access.log;
+    error_log   /var/log/nginx/wikijs.error.log;
+
+    include config-lmm/errors.conf;
+    include config-lmm/security.conf;
+
+    location / {
+        <% if config['Server'] %>
+            proxy_pass <%= config['Server'] %>;
+        <% else %>
+            proxy_pass http://127.0.0.1:13200;
+        <% end %>
+
+        include config-lmm/proxy.conf;
+    }
+
+}
+

data/Plugins/Apps/Wiki.js/Wiki.js.container

@@ -0,0 +1,15 @@
+
+[Unit]
+Description=Wiki.js container
+After=local-fs.target
+
+[Container]
+Image=docker.io/requarks/wiki:latest
+EnvironmentFile=/var/lib/wikijs/.config/containers/systemd/Wiki.js.env
+Network=slirp4netns:allow_host_loopback=true
+PublishPort=127.0.0.1:13200:3000
+UserNS=keep-id:uid=1000,gid=1000
+AutoUpdate=registry
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/Wiki.js/Wiki.js.lmm.rb

@@ -0,0 +1,61 @@
+
+module ConfigLMM
+    module LMM
+        class WikiJS < Framework::NginxApp
+
+            USER = 'wikijs'
+            HOME_DIR = '/var/lib/wikijs'
+            HOST_IP = '10.0.2.2'
+
+            def actionWikiJSDeploy(id, target, activeState, context, options)
+                raise Framework::PluginProcessError.new('Domain field must be set!') unless target['Domain']
+
+                target['Database'] ||= {}
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    raise Framework::PluginProcessError.new("#{id}: Unknown Protocol: #{uri.scheme}!") if uri.scheme != 'ssh'
+
+                    self.class.sshStart(uri) do |ssh|
+
+                        dbPassword = self.configurePostgreSQL(target['Database'], ssh)
+                        distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
+                        Framework::LinuxApp.configurePodmanServiceOverSSH(USER, HOME_DIR, 'Wiki.js', distroInfo, ssh)
+
+                        path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', HOME_DIR)
+                        self.class.exec("echo 'DB_TYPE=postgres' > #{path}/Wiki.js.env", ssh)
+                        self.class.exec("echo 'DB_HOST=#{HOST_IP}' >> #{path}/Wiki.js.env", ssh)
+                        self.class.exec("echo 'DB_PORT=5432' >> #{path}/Wiki.js.env", ssh)
+                        self.class.exec("echo 'DB_USER=#{USER}' >> #{path}/Wiki.js.env", ssh)
+                        self.class.exec("echo 'DB_NAME=#{USER}' >> #{path}/Wiki.js.env", ssh)
+                        self.class.exec(" echo 'DB_PASS=#{dbPassword}' >> #{path}/Wiki.js.env", ssh)
+
+                        self.class.exec("chown #{USER}:#{USER} #{path}/Wiki.js.env", ssh)
+                        self.class.exec("chmod 600 #{path}/Wiki.js.env", ssh)
+
+                        ssh.scp.upload!(__dir__ + '/Wiki.js.container', path)
+                        self.class.exec("systemctl --user --machine=#{USER}@ daemon-reload", ssh)
+                        self.class.exec("systemctl --user --machine=#{USER}@ restart Wiki.js", ssh)
+
+                        Framework::LinuxApp.ensurePackages([NGINX_PACKAGE], ssh)
+                        Framework::LinuxApp.ensureServiceAutoStartOverSSH(NGINX_PACKAGE, ssh)
+                        self.class.prepareNginxConfig(target, ssh)
+                        self.writeNginxConfig(__dir__, 'Wiki.js', id, target, state, context, options)
+                        self.deployNginxConfig(id, target, activeState, context, options)
+                        Framework::LinuxApp.startServiceOverSSH(NGINX_PACKAGE, ssh)
+
+                    end
+                else
+                    # TODO
+                end
+            end
+
+            def configurePostgreSQL(settings, ssh)
+                password = SecureRandom.alphanumeric(20)
+                PostgreSQL.createRemoteUserAndDBOverSSH(settings, USER, password, ssh)
+                password
+            end
+
+        end
+    end
+end
+

data/Plugins/Apps/gollum/gollum.conf.erb

@@ -1,27 +1,45 @@
 
 server {
 
-    <% if !config['TLS'] %>
-        listen       <%= config['Port'] %>;
-        listen  [::]:<%= config['Port'] %>;
-    <% else %>
-        listen       <%= config['Port'] %> ssl;
-        listen  [::]:<%= config['Port'] %> ssl;
+    <% if config['NginxVersion'] >= 1.25 %>
+        <% if !config['TLS'] %>
+            listen       <%= config['Port'] %>;
+            listen  [::]:<%= config['Port'] %>;
+        <% else %>
+            listen       <%= config['Port'] %> ssl;
+            listen  [::]:<%= config['Port'] %> ssl;
+
+            include config-lmm/ssl.conf;
+        <% end %>
         http2 on;
-        include config-lmm/ssl.conf;
+        http3 on;
+        quic_retry on;
+        add_header Alt-Svc 'h3=":443"; ma=86400';
+    <% else %>
+        <% if !config['TLS'] %>
+            listen       <%= config['Port'] %>;
+            listen  [::]:<%= config['Port'] %>;
+        <% else %>
+            listen       <%= config['Port'] %> ssl http2;
+            listen  [::]:<%= config['Port'] %> ssl http2;
+
+            include config-lmm/ssl.conf;
+        <% end %>
     <% end %>
 
     server_name <%= config['Domain'] %>;
 
-    root               <%= config['Root'] %>;
-    passenger_app_root /srv/gollum;
-
-    try_files    $uri @Passenger;
+    <% if config['Root'] %>
+        root               <%= config['Root'] %>;
+    <% end %>
 
     access_log  /var/log/nginx/gollum.access.log;
     error_log   /var/log/nginx/gollum.error.log;
 
-    include config-lmm/private.conf;
+    <% if config['AuthentikDomain'].nil? %>
+        include config-lmm/private.conf;
+    <% end %>
+
     include config-lmm/errors.conf;
 
     <% if config['CertName'] %>
@@ -30,12 +48,59 @@ server {
         ssl_trusted_certificate "/etc/letsencrypt/live/<%= config['CertName'] %>/chain.pem";
     <% end %>
 
-    location @Passenger {
-        passenger_enabled on;
-        passenger_min_instances 1;
-        rails_env production;
+    <% if config['Passenger'] %>
+        passenger_app_root /srv/gollum;
+
+        try_files    $uri @Passenger;
+
+        location @Passenger {
+            passenger_enabled on;
+            passenger_min_instances 1;
+            rails_env production;
+
+            #passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
+            #limit_req zone=one burst=5;
+        }
+    <% else %>
+        location / {
+            proxy_pass <%= config['Server'] %>;
+
+            <% if config['AuthentikDomain'] %>
+                error_page       401 = @authenticate;
+                include config-lmm/errors.conf;
+
+                auth_request     /outpost.goauthentik.io/auth/nginx;
+
+                # translate headers from the outposts back to the actual upstream
+                auth_request_set $authentik_username $upstream_http_x_authentik_username;
+                auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
+                auth_request_set $authentik_email $upstream_http_x_authentik_email;
+                auth_request_set $authentik_name $upstream_http_x_authentik_name;
+                auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
+
+                proxy_set_header REMOTE_USER $authentik_username;
+                proxy_set_header REMOTE_GROUPS $authentik_groups;
+                proxy_set_header REMOTE_EMAIL $authentik_email;
+                proxy_set_header REMOTE_NAME $authentik_name;
+                proxy_set_header REMOTE_UID $authentik_uid;
+            <% end %>
+
+            include config-lmm/proxy.conf;
+        }
+    <% end %>
+
+    <% if config['AuthentikDomain'] %>
+        location /outpost.goauthentik.io {
+            proxy_pass              https://<%= config['AuthentikDomain'] %>/outpost.goauthentik.io;
+            proxy_ssl_protocols     TLSv1.2 TLSv1.3;
+            proxy_set_header        X-Original-URL $scheme://$http_host$request_uri;
+            proxy_pass_request_body off;
+            proxy_set_header        Content-Length "";
+        }
 
-        #passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
-        #limit_req zone=one burst=5;
-    }
+        location @authenticate {
+            internal;
+            return 302 /outpost.goauthentik.io/start?rd=$request_uri;
+        }
+    <% end %>
 }

data/Plugins/Apps/gollum/gollum.container

@@ -0,0 +1,15 @@
+[Unit]
+Description=gollum container
+After=local-fs.target
+
+[Container]
+Image=docker.io/gollumwiki/gollum:master
+Exec=--config=/config/config.rb
+PublishPort=0.0.0.0:14567:4567
+UserNS=keep-id:uid=1000,gid=1000
+Volume=/srv/gollum/repo:/wiki
+Volume=/srv/gollum/config:/config
+AutoUpdate=registry
+
+[Install]
+WantedBy=multi-user.target default.target

data/Plugins/Apps/gollum/gollum.lmm.rb

@@ -4,15 +4,14 @@ module ConfigLMM
         class Gollum < Framework::NginxApp
 
             NAME = 'gollum'
+            USER = 'gollum'
             GOLLUM_PATH = '/srv/gollum'
+            GOLLUM_PORT = '14567'
 
             def actionGollumBuild(id, target, activeState, context, options)
-                if !target['Root'] && (!target['Location'] || target['Location'] == '@me')
-                    target['Root'] = File.dirname(`gem which gollum`.strip) + '/gollum/public'
-                end
                 writeNginxConfig(__dir__, NAME, id, target, activeState, context, options)
                 targetDir = options['output'] + GOLLUM_PATH
-                mkdir(targetDir, options['dry'])
+                mkdir(targetDir + '/config', options['dry'])
                 copy(__dir__ + '/config.ru', targetDir, options['dry'])
                 `git init #{targetDir}/repo`
             end
@@ -22,16 +21,54 @@ module ConfigLMM
             end
 
             def actionGollumDeploy(id, target, activeState, context, options)
-                if !target['Location'] || target['Location'] == '@me'
+                if target['Location'] && target['Location'] != '@me'
+                    uri = Addressable::URI.parse(target['Location'])
+                    self.class.sshStart(uri) do |ssh|
+                        if !target.key?('Proxy') || !!target['Proxy']
+                            self.class.prepareNginxConfig(target, ssh)
+                            if !target['Root']
+                                gollumPath = ssh.exec!('gem which gollum').strip
+                                target['Root'] = File.dirname(gollumPath) + '/gollum/public'
+                            end
+                            writeNginxConfig(__dir__, NAME, id, target, state, context, options)
+                            deployNginxConfig(id, target, activeState, context, options)
+                        end
+                        if !target.key?('Proxy') || target['Proxy'] != 'only'
+                            distroInfo = Framework::LinuxApp.currentDistroInfo(ssh)
+                            Framework::LinuxApp.configurePodmanServiceOverSSH(USER, GOLLUM_PATH, 'gollum', distroInfo, ssh)
+                            if target['Config']
+                                `cp #{target['Config']} #{options['output'] + GOLLUM_PATH}/config/config.rb`
+                            else
+                                `touch #{options['output'] + GOLLUM_PATH}/config/config.rb`
+                            end
+                            self.class.uploadFolder(options['output'] + GOLLUM_PATH, '/srv', ssh)
+                            path = Framework::LinuxApp::SYSTEMD_CONTAINERS_PATH.gsub('~', GOLLUM_PATH)
+                            ssh.scp.upload!(__dir__ + '/gollum.container', path)
+                            self.class.sshExec!(ssh, "chown -R #{USER}:#{USER} #{GOLLUM_PATH}")
+                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ daemon-reload")
+                            self.class.sshExec!(ssh, "systemctl --user --machine=#{USER}@ restart gollum")
+                            if target['Proxy'] != 'only'
+                                Framework::LinuxApp.firewallAddPortOverSSH(GOLLUM_PORT + '/tcp', ssh)
+                            end
+                        end
+                    end
+                else
                     targetDir = GOLLUM_PATH
                     mkdir(targetDir, options['dry'])
-                    deployNginxConfig(id, target, activeState, context, options)
-                    copy(options['output'] + GOLLUM_PATH + '/config.ru', GOLLUM_PATH, options['dry'])
-                    copyNotPresent(options['output'] + GOLLUM_PATH + '/repo', GOLLUM_PATH, options['dry'])
-                    chown('http', 'http', GOLLUM_PATH, options['dry'])
+                    if !target.key?('Proxy') || !!target['Proxy']
+                        self.class.prepareNginxConfig(target)
+                        if !target['Root']
+                            target['Root'] = File.dirname(`gem which gollum`.strip) + '/gollum/public'
+                        end
+                        writeNginxConfig(__dir__, NAME, id, target, state, context, options)
+                        deployNginxConfig(id, target, activeState, context, options)
+                    end
+                    if !target.key?('Proxy') || target['Proxy'] != 'only'
+                        copy(options['output'] + GOLLUM_PATH + '/config.ru', GOLLUM_PATH, options['dry'])
+                        copyNotPresent(options['output'] + GOLLUM_PATH + '/repo', GOLLUM_PATH, options['dry'])
+                        chown('http', 'http', GOLLUM_PATH, options['dry'])
+                    end
                     activeState['Location'] = '@me'
-                else
-                    # TODO
                 end
             end
 

data/Plugins/OS/Linux/Debian/preseed.cfg.erb

@@ -0,0 +1,62 @@
+#_preseed_V1
+
+d-i debian-installer/locale string en_US
+d-i keyboard-configuration/xkb-keymap select us
+
+<% if config['Network'].is_a?(Hash) %>
+d-i netcfg/disable_autoconfig boolean true
+d-i netcfg/dhcp_failed note
+d-i netcfg/dhcp_options select Configure network manually
+
+d-i netcfg/get_ipaddress string <%= config['Network']['IP'].split('/').first %>
+d-i netcfg/get_netmask string <%= [((1 << 32) - 1) << (32 - config['Network']['IP'].split('/').last.to_i)].pack('N').bytes.join('.') %>
+d-i netcfg/get_gateway string <%= config['Network']['Gateway'] %>
+d-i netcfg/get_nameservers string <%= config['Network']['DNS'] %>
+d-i netcfg/confirm_static boolean true
+<% end %>
+
+d-i netcfg/get_hostname string <%= Addressable::IDNA.to_ascii(config['Domain']) %>
+
+d-i passwd/make-user boolean false
+
+<% if config['Users'].to_h['root'].to_h['PasswordHash'] %>
+d-i passwd/root-password-crypted password <%= config['Users']['root']['PasswordHash'] %>
+<% elsif config['Users'].to_h['root'].to_h['Password'] %>
+d-i passwd/root-password password <%= config['Users']['root']['Password'] %>
+<% end %>
+
+d-i time/zone string UTC
+
+d-i partman-auto/method string regular
+d-i partman-auto/choose_recipe select atomic
+d-i partman/choose_partition select finish
+d-i partman/confirm_nooverwrite boolean true
+
+d-i base-installer/install-recommends boolean false
+d-i apt-setup/cdrom/set-first boolean false
+d-i apt-setup/non-free-firmware boolean true
+d-i apt-setup/non-free boolean true
+d-i apt-setup/contrib boolean true
+d-i apt-setup/use_mirror boolean true
+d-i mirror/country string US
+d-i mirror/http/mirror select deb.debian.org
+d-i mirror/http/proxy string
+
+d-i pkgsel/run_tasksel boolean false
+
+<% if !config['Apps'].to_a.empty? %>
+d-i pkgsel/include string <%= config['Apps'].map(&:downcase).join(' ') %>
+<% end %>
+
+d-i pkgsel/upgrade select full-upgrade
+
+popularity-contest popularity-contest/participate boolean false
+
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/bootdev  string default
+
+d-i finish-install/reboot_in_progress note
+
+<% if !config['Users'].to_h['root'].to_h['AuthorizedKeys'].empty? %>
+d-i preseed/late_command string in-target sh -c "echo '<%= config['Users']['root']['AuthorizedKeys'].first %>' > /root/.ssh/authorized_keys"
+<% end %>

data/Plugins/OS/Linux/Distributions.yaml

@@ -2,5 +2,47 @@
 opensuse-leap:
     Name: openSUSE Leap
     InstallPackage: zypper install --no-confirm
+    RemovePackage: zypper remove --no-confirm
     AutoStartService: systemctl enable
     StartService: systemctl start
+    RestartService: systemctl restart
+    ReloadService: systemctl reload
+    StopService: systemctl stop
+    DisableService: systemctl disable
+    ReloadServiceManager: systemctl daemon-reload
+    CreateServiceUser: useradd --system --shell /usr/sbin/nologin --user-group
+    ModifyUser: usermod
+    DeleteUser: userdel --remove --force
+    DeleteGroup: groupdel
+
+arch:
+    Name: Arch Linux
+    InstallPackage: pacman -S --noconfirm --needed
+    RemovePackage: pacman --remove --noconfirm
+    AutoStartService: systemctl enable
+    StartService: systemctl start
+    RestartService: systemctl restart
+    ReloadService: systemctl reload
+    StopService: systemctl stop
+    DisableService: systemctl disable
+    ReloadServiceManager: systemctl daemon-reload
+    CreateServiceUser: useradd --system --shell /usr/sbin/nologin --user-group
+    ModifyUser: usermod
+    DeleteUser: userdel --remove --force
+    DeleteGroup: groupdel
+
+debian:
+    Name: Debian
+    InstallPackage: DEBIAN_FRONTEND=noninteractive apt-get install --assume-yes
+    RemovePackage: apt-get remove --assume-yes
+    AutoStartService: systemctl enable
+    StartService: systemctl start
+    RestartService: systemctl restart
+    ReloadService: systemctl reload
+    StopService: systemctl stop
+    DisableService: systemctl disable
+    ReloadServiceManager: systemctl daemon-reload
+    CreateServiceUser: useradd --system --shell /usr/sbin/nologin --user-group
+    ModifyUser: usermod
+    DeleteUser: userdel --remove --force
+    DeleteGroup: groupdel

data/Plugins/OS/Linux/Flavours.yaml

@@ -0,0 +1,11 @@
+openSUSE Leap:
+    ISO: https://download.opensuse.org/distribution/leap/15.6/iso/openSUSE-Leap-15.6-NET-x86_64-Media.iso
+
+Arch Linux:
+    ISO: https://mirror.rackspace.com/archlinux/iso/2024.10.01/archlinux-x86_64.iso
+
+Debian:
+    ISO: https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.7.0-amd64-netinst.iso
+
+Proxmox VE:
+    ISO: https://enterprise.proxmox.com/iso/proxmox-ve_8.2-2.iso