After using a Cloudkey for a while running my Homebridge server I thought I give it a try to also run Pi-hole. The reason I’m using this Cloudkey is simple, i don’t use it anymore for what is was intended and selling it for a few bucks and buying a raspberry was a bit dumb. Also because it already have a case and PoE support was the main reason to re-use it.
This guide will install/update the following
- Update Cloudkey OS to Debian Buster (10.x)
- NodeJS 12.x
- NPM 6.x.x
- Run Pi-hole on appache2
Update Cloudkey Firmware and reset to factory defaults:
- Download the latest Cloudkey V1 firmware.
- Activate Recovery Mode and go to firmware update, choose the .bin file you just downloaded. If the update is done you have to reboot.
- Once the reboot is done once again put the Cloudkey in Recovery Mode. Now do a “reset to factory defaults”, reboot once again. Wait for 2 minutes and manually power reset the Cloudkey.
Uninstalling the UniFi Controller:
- First we need to know the local ip address of the Cloudkey, open terminal/cmd on any device and run the command
arp -a. The output shows a list with local ip addresses of devices in your local network, search for the mac address that starts with "f0-9f-c2", that's your Cloudkey and before the mac address it shows your local ip address. Make a SSH connection with the Cloudkey (ssh ubnt@ip_address). The username and password are ubnt & ubnt. - Now that we have a ssh connection we need to uninstall the UniFi controller, you can do this with the following command
sudo dpkg -P unifi
Now let's remove the sources.list entries which are mainly looking at some old repo's and UniFi repo's. SSH into your Cloudkey and run the following commands
sudo rm /etc/apt/sources.list
sudo rm /etc/apt/sources.list.d/nodejs.list
sudo rm /etc/apt/sources.list.d/security.list
sudo rm /etc/apt/sources.list.d/ubnt-unifi.list
In above steps we removed the original sources.list file. So now we need to create a new file with the next command: vi /etc/apt/sources.list and enter the following text and save the file.
deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free
deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
deb-src http://deb.debian.org/debian-security/ buster/updates main contrib non-free
deb http://deb.debian.org/debian buster-updates main contrib non-free
deb-src http://deb.debian.org/debian buster-updates main contrib non-free
Now let's create another file vi /etc/apt/sources.list.d/nodesource.list , enter the following text and save the file.
deb https://deb.nodesource.com/node_14.x stretch main
Run the following command:
sudo apt-get update
sudo apt-get clean && sudo apt-get clean all && sudo apt-get autoclean && sudo apt-get update
Update Debian OS:
We first need to update to the newer Debian Buster 10.x, at this moment the Cloudkey is running Debian Jessie 8.x. Run command sudo apt-get update && sudo apt-get upgrade During the upgrade you may be asked what to do with the unattended-upgrades configration file, Choose to ‘Keep the local version currently installed’. Note if you get certificate errors run the command sudo apt install ca-certificates before running the Debian update command. You can run hostnamectl to see if Debian Buster update was successful installed.
Run the following commands to delete "files" we no longer use:
rm /etc/apt/apt.conf.d/50unattended-upgrades.ucf-dist
sudo apt-get remove freeradius
sudo apt-get purge freeradius
Update NodeJS 6.x to 14.x:
sudo apt update
sudo apt install nodejs
To test if you have successful installed NodeJS 14.x and NPM 6.x run the commands.
npm -v
node -v
- Install Pi-hole using
curl -sSL https://install.pi-hole.net | bash - Just follow the install screens but be sure to change your NIC to eth0, default is set to ethp0 but that’s not correct for the CK.
- Run the command
sudo service nginx stop, this step is important because lighttpd will not run because it using the same port 80. - To start lighttpd run
systemctl start lighttpdand check withsystemctl status lighttpdthat the service is successful running. - Note if lighttpd is still not running you have to change the default port. For some reason when i wrote this manual i got it working without this extra step but now after a reboot Pi-hole began to use appache2 server instead of lighttpd. So if lighttpd status is running you dont need to do this extra step, otherwise use
vim /etc/lighttpd/lighttpd.confand change Server port=80 to port=8989 (or whatever port is not in use) and save with wq: - We need to fix another port conflict, systemd-resolved is using port 53 but FTL will also be using the same port...
- Run
sudo systemctl stop systemd-resolved - Use the command
sudo nano /etc/systemd/resolved.conforsudo vi /etc/systemd/resolved.confto edit the resolved.conf file. Replace the text inside by the following code.
[Resolve]
DNS=1.1.1.1
DNSStubListener=no
- Check with
systemctl restart pihole-FTLif the service status for FTL is running. - Use
pihole -rand use the repair option, I had a error using the gravity database and this way will fix it. - One last step is to set a Pihole WebUI password, run the command
pihole -a -pand type your password twice.
One last thing, we going to mask both systemd-resolved and nginx services. This will prevent that the services will running again on port 80 and 53 which will result in Pihole not running. Use the command systemctl mask systemd-resolvd nginx to mask both services. If you ever want to run this processes again just use the same command with a unmask flag. (Thx to /u/ztendies666 for the tip!)
That’s it, you now have Pihole running on your UniFi CK.