[Guide] Installing Pi-hole on Unifi Cloudkey v1

After using a Cloudkey for a while running my Homebridge server I thought I give it a try to also run Pi-hole. The reason I’m using this Cloudkey is simple, i don’t use it anymore for what is was intended and selling it for a few bucks and buying a raspberry was a bit dumb. Also because it already have a case and PoE support was the main reason to re-use it.

This guide will install/update the following

  • Update Cloudkey OS to Debian Buster (10.x)
  • NodeJS 12.x
  • NPM 6.x.x
  • Run Pi-hole on appache2

Update Cloudkey Firmware and reset to factory defaults:

  • Download the latest Cloudkey V1 firmware.
  • Activate Recovery Mode and go to firmware update, choose the .bin file you just downloaded. If the update is done you have to reboot.
  • Once the reboot is done once again put the Cloudkey in Recovery Mode. Now do a “reset to factory defaults”, reboot once again. Wait for 2 minutes and manually power reset the Cloudkey.

Uninstalling the UniFi Controller:

  • First we need to know the local ip address of the Cloudkey, open terminal/cmd on any device and run the command arp -a . The output shows a list with local ip addresses of devices in your local network, search for the mac address that starts with "f0-9f-c2", that's your Cloudkey and before the mac address it shows your local ip address. Make a SSH connection with the Cloudkey (ssh ubnt@ip_address). The username and password are ubnt & ubnt.
  • Now that we have a ssh connection we need to uninstall the UniFi controller, you can do this with the following command sudo dpkg -P unifi

Now let's remove the sources.list entries which are mainly looking at some old repo's and UniFi repo's. SSH into your Cloudkey and run the following commands

sudo rm /etc/apt/sources.list

sudo rm /etc/apt/sources.list.d/nodejs.list

sudo rm /etc/apt/sources.list.d/security.list

sudo rm /etc/apt/sources.list.d/ubnt-unifi.list

In above steps we removed the original sources.list file. So now we need to create a new file with the next command: vi /etc/apt/sources.list and enter the following text and save the file.

deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free

deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
deb-src http://deb.debian.org/debian-security/ buster/updates main contrib non-free

deb http://deb.debian.org/debian buster-updates main contrib non-free
deb-src http://deb.debian.org/debian buster-updates main contrib non-free

Now let's create another file vi /etc/apt/sources.list.d/nodesource.list , enter the following text and save the file.

deb https://deb.nodesource.com/node_14.x stretch main

Run the following command:

sudo apt-get update

sudo apt-get clean && sudo apt-get clean all && sudo apt-get autoclean && sudo apt-get update

Update Debian OS:

We first need to update to the newer Debian Buster 10.x, at this moment the Cloudkey is running Debian Jessie 8.x. Run command sudo apt-get update && sudo apt-get upgrade During the upgrade you may be asked what to do with the unattended-upgrades configration file, Choose to ‘Keep the local version currently installed’. Note if you get certificate errors run the command sudo apt install ca-certificates before running the Debian update command. You can run hostnamectl to see if Debian Buster update was successful installed.

Run the following commands to delete "files" we no longer use:

rm /etc/apt/apt.conf.d/50unattended-upgrades.ucf-dist

sudo apt-get remove freeradius

sudo apt-get purge freeradius

Update NodeJS 6.x to 14.x:

sudo apt update

sudo apt install nodejs

To test if you have successful installed NodeJS 14.x and NPM 6.x run the commands.

npm -v

node -v

  • Install Pi-hole using curl -sSL https://install.pi-hole.net | bash
  • Just follow the install screens but be sure to change your NIC to eth0, default is set to ethp0 but that’s not correct for the CK.
  • Run the command sudo service nginx stop , this step is important because lighttpd will not run because it using the same port 80.
  • To start lighttpd run systemctl start lighttpd and check with systemctl status lighttpd that the service is successful running.
  • Note if lighttpd is still not running you have to change the default port. For some reason when i wrote this manual i got it working without this extra step but now after a reboot Pi-hole began to use appache2 server instead of lighttpd. So if lighttpd status is running you dont need to do this extra step, otherwise use vim /etc/lighttpd/lighttpd.conf and change Server port=80 to port=8989 (or whatever port is not in use) and save with wq:
  • We need to fix another port conflict, systemd-resolved is using port 53 but FTL will also be using the same port...
  • Run sudo systemctl stop systemd-resolved
  • Use the command sudo nano /etc/systemd/resolved.conf or sudo vi /etc/systemd/resolved.conf to edit the resolved.conf file. Replace the text inside by the following code.
  • Check with systemctl restart pihole-FTL if the service status for FTL is running.
  • Use pihole -r and use the repair option, I had a error using the gravity database and this way will fix it.
  • One last step is to set a Pihole WebUI password, run the command pihole -a -p and type your password twice.

One last thing, we going to mask both systemd-resolved and nginx services. This will prevent that the services will running again on port 80 and 53 which will result in Pihole not running. Use the command systemctl mask systemd-resolvd nginx to mask both services. If you ever want to run this processes again just use the same command with a unmask flag. (Thx to /u/ztendies666 for the tip!)

That’s it, you now have Pihole running on your UniFi CK.


this.. Is awesome. I was given a brand new cloud key gen 2 plus today, I already have one for my wireless stuff. Anyone know if this process works on the newer cloud keys?


Works on Unifi Dream Machine or Dream Machine Pro too.

I also am trying to modify the /etc/fstab file but after rebooting it gets reset to default...how can I fix that?



Anyone know how to resolve the above issue with /etc/fstab?

As a side note, I was able to get pihole working on my CK Gen1 following this tutorials. I had tons of weird issues but was able to resolve them all (packages not installing, losing access to ssh, write permission issues+++).

I finally had a chance to give this a try with my old gen 1 CK. Excellent write up.

I only have two questions:

  1. Are all of the debian repositories you have listed still accurate?

  2. What is the purpose of including the deb.nodesource.com/node_14.x stretch main repository? ... and shouldn't this be buster, and not stretch?

Would you mind providing what those "weird" issues were and how you resolved them? Thanks!

Question on this. I go to install pi-hole and it asks me to keep or replace the open ssh package. If I keep it, it hangs. if I replace it I can't login via ssh anymore. Thoughts?

Your question seems to be very different from the current topic.
Also, your comment doesn't give a lot information about your system, source of install, etc.

Can you please open a new topic with your question?