# Instructions for installing Pi-hole 4.2 on UniFi CloudKey Gen 1 (UC-CK) running firmware 0.13.6
# Pi-hole will need to be completely re-installed after every FW update or if CloudKey is reset to defaults.

# Verify UC-CK is running firmware v0.13.6 (or later) before installing Pi-hole. If not, do:
ubnt-systool fwupdate https://dl.ubnt.com/unifi/stage/cloudkey/firmware/UCK/UCK.mtk7623.v0.13.6.7ad551e.190225.0939.bin

# UC-CK firmware v0.13.6 downgrades UniFi Controller to 5.10.17. Upgrade to 5.10.19 with:
cd /tmp
wget https://dl.ubnt.com/unifi/5.10.19/unifi_sysvinit_all.deb
dpkg -i unifi_sysvinit_all.deb

# All following commands will executed with sudo
sudo -i

# Update local package lists
apt-get update

# Install dnsmasq
apt-get install dnsmasq

# Downgrade to a specific 'libsqlite3-0' so Pi-hole script can install 'sqlite3'
apt-get install libsqlite3-0=3.8.7.1-1+deb8u4

# Install back-ported version of 'ifupdown' so Pi-hole script can install 'resolvconf'
apt-get install ifupdown=0.8.13~bpo8+1

# See that port 53 already in use by 'systemd-resolved'
netstat -plnt | grep :53

#Turn off local 'systemd-resolved'
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved.service

# Download Pi-hole installation script and run locally
cd /tmp
wget -O basic-install.sh https://install.pi-hole.net
bash basic-install.sh

# During install, select 'eth0' for adapter, otherwise use all defaults

# Following install, set Pi-hole admin password
pihole -a -p

# Test Pi-hole DNS resolution -- resulting IP address(es) should be valid
dig @127.0.0.1 ui.com

# Test Pi-hole blocking -- resulting IP address should be '0.0.0.0'
dig @127.0.0.1 googleadservices.com

# Change Pi-hole web admin interface to port 81 (port 80 already used by UC-CK GUI)
sed -ie 's/= 80/= 81/g' /etc/lighttpd/lighttpd.conf

#Restart Pi-hole web admin interface
/etc/init.d/lighttpd restart

# Show Pi-hole chronometer (CTRL + C to exit)
pihole -c

# Go to http://ip.addr.of.cloudkey:81/admin/ to configure additional settings.

# OPTIONAL: UC-CK also supports these instructions for running unbound so your UC-CK can be an all-around DNS solution:
# https://docs.pi-hole.net/guides/unbound/