====== NextCloud ====== All Sterrewacht users have access to our own NextCloud server. You can use your Sterrewacht account to login. The **Online Accounts** is supported for some major desktops, such as Gnome, Cinnamon and KDE Plasma. ====== Nextcloud two-factor authentication ====== We are moving towards adding two-factor authentication to our nextcloud server Users will now see a button below the login form, labeled "STRW Identity provider". If you are a **new user**, without an existing nextcloud account on our server, click there, and you will be directed to the ''keycloak'' login window, and once authenticated, an account in nextcloud is made, connected to the strw account. Or, if you were already logged in (eg for webmail or intraneet), you will only see you are immediately logged in to your new nextcloud account. __However__, for **existing users** who already have an account in nextcloud, this is not the right way, since the procedure outlined above creates a new user account. So, if an account already exists with your e-mail address, an error message will be shown, and the system will prevent you from accidentally creating a new account, overwriting your old one (and loosing any files). {{ :linux:nextcloud-sociallogin-usersettings.png?400|}} So, the correct way for existing users, is to login as usual without 2FA, and then go to your own profile menu, and open the settings page. In the "Social login" entry, the user can see the "STRW Identity provider" under "Available providers". Clicking that button will bring them to the keycloak login page, and once authenticated there, the existing account in nextcloud is connected to the strw account in keycloak. When the user already happens to be logged in through keycloak, they will immediately see the identity provider button here. From then on, the user can use the "STRW Identity provider" button on the nextcloud login page to log in through keycloak (or be logged in immediately if already logged in to another keycloak-enabled site) We will give users sufficient time to do these setup steps before we disable the simple login without two-factor code. But the plan is, to allow only two-factor logins on the website some time next year (2026, to be announced). ===== App passwords ===== Since not all apps and file managers have a way to ask for the 2nd authentication factor, and since it is rather inconvenient to generate a 6-digit code every time you connect the app, Nextcloud supports "app passwords", which take the place of your actual password, but they only work for an app or program, and not for full access to the site. {{:linux:nextcloud-app-passwords-1.png?400 |}} To generate an app password, log in on the nextcloud site, click on your profile name or picture (top right corner, it will show your initials or a chosen picture). From the menu, select "personal settings" and then "security". There might be a short or long list of previous sessions; below that at the bottom of the page, is a field "App name" with a button "Create new app password" next to it. Simply type a name in the "App name" field and click the button. Now a window will pop up showing the generated password. Either type this into the password field of the app you are configuring (eg the Linux desktop "Online Accounts" preferences dialog), or press the button to display a QR code, which can be scanned into mobile apps, such as the Nextcloud app on Android or iOS. By the way, the "personal settings" menu also has an entry called "Mobile & desktop" which has the links to these mobile apps ===== Enable NextCloud in a file manager ===== ==== Create Online Account ==== On your Linux PC open **Online Accounts** interface and create a new account by clicking on the NextCloud button. You can search for Online Accounts in your main search interface or access it via the main system settings interface. Use https://nextcloud.strw.leidenuniv.nl/ for the Server field. For the Username and Password fields use your Sterrewacht credentials. {{ :linux:nextcloud-account-1.png?nolink&400 |}} Alternatively, and probably better now that we are moving towards two-factor authentication for nextcloud, one can generate an "app password" from the web interface of nextcloud, and use that password here in stead of your actual password. ==== Use File Manager ==== After succefully creating an Online Account for NextCloud, you must be able to use your file manager to access your files. It will be shown on the left pane of the file manager window. ===== Keyring password ===== In case you get a window with a request to enter your keyring password and you can't skip it, provide the password. If you don't know the password you will need to disable it for this session. For this open **Passwords and Keys** application and delete the record with name **Login** (right click). It will be recreated during your next login. ====== Nextcloud desktop app ====== Our Linux workstations also have a Nextcloud desktop app installed; this is a different method to work with nextcloud, so you can use this in stead of the Online Accounts method. This app can be found in the desktop menu. Open it, and it will add an icon to the panel or notification area of your desktop. The first time you run the app, it will pop up a configuration screen (which can be accessed later with a right-click on the icon and selecting "settings"). This app is different than the online accounts method: it synchronizes your nextcloud account with a local directory. As with many Linux apps, the default location will be in your home directory, and of course, there will not be sufficient space for that. Luckily, you can select the location where you want the synchronization to take place once you have completed the setup. Alternatively, you can move the folder to a data disk and make a symbolic link to this location: mv $HOME/Nextcloud /net/computername/data2/yourname/Nextcloud ln -s /net/computername/data2/yourname/Nextcloud $HOME/Nextcloud This should be done when the app is not running, and of course, fill in the computername and username in stead of literally copying this example.