diff --git a/nodes/zerotier-1.json b/nodes/zerotier-1.json
index edf4973..13454ae 100644
--- a/nodes/zerotier-1.json
+++ b/nodes/zerotier-1.json
@@ -12,13 +12,14 @@
     "hostname": "zerotier-1",
     "ipaddress": "192.168.122.72",
     "roles": [
-
+      "zerotier_controller"
     ],
     "recipes": [
       "kosmos-base",
       "kosmos-base::default",
       "kosmos_zerotier::controller",
       "kosmos_zerotier::firewall",
+      "kosmos_zerotier::zncui",
       "apt::default",
       "timezone_iii::default",
       "timezone_iii::debian",
@@ -52,4 +53,4 @@
     "recipe[kosmos-base]",
     "role[zerotier_controller]"
   ]
-}
+}
\ No newline at end of file
diff --git a/roles/zerotier_controller.rb b/roles/zerotier_controller.rb
index e5b1a9b..105a0cf 100644
--- a/roles/zerotier_controller.rb
+++ b/roles/zerotier_controller.rb
@@ -3,4 +3,5 @@ name "zerotier_controller"
 run_list %w(
   kosmos_zerotier::controller
   kosmos_zerotier::firewall
+  kosmos_zerotier::zncui
 )
diff --git a/site-cookbooks/kosmos_zerotier/attributes/default.rb b/site-cookbooks/kosmos_zerotier/attributes/default.rb
index 5f017af..5031534 100644
--- a/site-cookbooks/kosmos_zerotier/attributes/default.rb
+++ b/site-cookbooks/kosmos_zerotier/attributes/default.rb
@@ -1 +1,6 @@
-node.default["kosmos_zerotier"]["server_port"] = 9993
+node.default['kosmos_zerotier']['server_port'] = 9993
+
+node.default['ztncui']['version'] = '0.6.6'
+node.default['ztncui']['checksum'] = 'fa83679266a571c10e13b11293ebfb9d1c3515019f2af1e7dd066b5a37411018'
+node.default['ztncui']['http_all_interfaces'] = true
+node.default['ztncui']['http_allow_access_from'] = '10.1.1.0/24'
diff --git a/site-cookbooks/kosmos_zerotier/recipes/zncui.rb b/site-cookbooks/kosmos_zerotier/recipes/zncui.rb
new file mode 100644
index 0000000..8818488
--- /dev/null
+++ b/site-cookbooks/kosmos_zerotier/recipes/zncui.rb
@@ -0,0 +1,40 @@
+#
+# Cookbook:: kosmos_zerotier
+# Recipe:: zncui
+#
+
+package_path = "/opt/ztncui_#{node['ztncui']['version']}_amd64.deb"
+
+remote_file package_path do
+  source "https://s3-us-west-1.amazonaws.com/key-networks/deb/ztncui/1/x86_64/ztncui_#{node['ztncui']['version']}_amd64.deb"
+  checksum node['ztncui']['checksum']
+  action :create_if_missing
+  notifies :run, 'bash[install_ztncui_package]', :immediately
+end
+
+bash 'install_ztncui_package' do
+ code "apt-get install -y #{package_path}"
+ action :nothing
+end
+
+service "ztncui" do
+  action [:enable, :start]
+end
+
+template '/opt/key-networks/ztncui/.env' do
+  source 'ztncui.env.erb'
+  mode '0644'
+  variables http_all_interfaces: node['ztncui']['http_all_interfaces']
+  notifies :restart, 'service[ztncui]', :delayed
+end
+
+include_recipe 'kosmos-base::firewall'
+
+if node['ztncui']['http_allow_access_from']
+  firewall_rule 'zncui_http' do
+    port     3000
+    protocol :tcp
+    command  :allow
+    source   node['ztncui']['http_allow_access_from']
+  end
+end
diff --git a/site-cookbooks/kosmos_zerotier/templates/ztncui.env.erb b/site-cookbooks/kosmos_zerotier/templates/ztncui.env.erb
new file mode 100644
index 0000000..23d9793
--- /dev/null
+++ b/site-cookbooks/kosmos_zerotier/templates/ztncui.env.erb
@@ -0,0 +1 @@
+<% if @http_all_interfaces %>HTTP_ALL_INTERFACES=yes<% end %>