systemd unit
For bare-metal and self-hosted runners where Docker or Kubernetes isn't an option, the agent runs as a single static binary under systemd with Type=notify integration — start it once and every job on the host is covered.
Install & run
bash
# place the static binary + unit, then:
sudo systemctl enable --now dpndncy-agent
systemctl status dpndncy-agentConfiguration
/etc/dpndncy-agent/agent.yaml
server: https://dpndncy.example.com
token_file: /etc/dpndncy-agent/token
mode: observe # observe | learn | enforce
signing_key: /etc/dpndncy-agent/keys/agent.key
egress:
allowlist: /etc/dpndncy-agent/allowlist.yaml- Per-host keypair lives under
/etc/dpndncy-agent/keys/. - Logs go to the journal —
journalctl -u dpndncy-agent -f. - Type=notify means systemd only considers the unit started once the BPF programs are attached.
Atomic upgrades
Upgrade by swapping the static binary and restarting the unit — no runtime dependencies to update.