Supported platforms
The agent is a single static binary for Linux and macOS, on amd64 and arm64. It runs anywhere those do — but running and collecting everything are different questions, so here is the honest breakdown.
The short version
| Platform | Status |
|---|---|
| Debian, Ubuntu (and derivatives) | Fully supported — every collector works. |
| Other systemd Linux (RHEL, Rocky, AlmaLinux, Fedora, CentOS Stream, openSUSE, Arch) | Core monitoring works. Package updates, vulnerabilities and vhost discovery do not — see below. |
| Alpine / non-systemd Linux | Core monitoring works. No service inventory (no systemd), no packages. |
| macOS | Development and testing only. Metrics and host facts; no services, packages, domains or certificates. |
Feature matrix
| Feature | Debian / Ubuntu | Other systemd Linux | Alpine / non-systemd | macOS |
|---|---|---|---|---|
| Host facts (OS, kernel, arch, reboots) | ✅ | ✅ | ✅ | ✅ |
| CPU / memory / disk / load metrics | ✅ | ✅ | ✅ | ✅ |
| IPv4 / IPv6 addresses (incl. failover IPs) | ✅ | ✅ | ✅ | ✅ |
| Health score & alerting | ✅ | ✅ | ✅ | partial |
| Service inventory (running / failed units) | ✅ | ✅ | ❌ | ❌ |
| Installed package inventory | ✅ | count only | ❌ | ❌ |
| Pending & security updates | ✅ | ❌ | ❌ | ❌ |
| Vulnerability scanning (CVEs) | ✅ | ❌ | ❌ | ❌ |
| Domain / vhost discovery | ✅ | ❌ | ❌ | ❌ |
| TLS certificate expiry | ✅ | ✅ | ✅ | ✅ |
Why the gaps
These are not arbitrary — each one maps to a concrete source the agent reads:
- Metrics and host facts come from
/procand standard system calls, so they work on any Linux, whatever the distribution or init system. - Service inventory asks
systemdfor its units. Hosts without systemd (Alpine’s OpenRC, older SysV systems) report no services. - Packages, updates and vulnerabilities are read with
dpkgandapt. On RPM hosts the agent can count installed packages (rpm -qa) but not list them with versions — and without a version list there is nothing to match CVEs against, so vulnerability scanning is unavailable there. - Domain discovery parses Apache and Nginx vhosts from the Debian/Ubuntu layout (
/etc/apache2/sites-enabled,/etc/nginx/sites-enabled). RHEL-family hosts keep them inconf.d, which the agent does not read yet. - TLS certificate expiry works everywhere, because Demerzel checks it from the server side — it connects to your domains and reads the certificate they present, rather than relying on the agent reading files it has no privilege to open.
Nothing silently half-works. A collector that cannot run on a host simply reports nothing, and the corresponding panel stays empty — it never guesses or reports a misleading zero. The Health Score accounts for this: an unmeasurable factor lowers coverage, it does not invent a bad score.
Roadmap
RPM package inventory (rpm -qa --queryformat) and dnf/yum update detection are the next platform work — that single addition brings full package and vulnerability coverage to the RHEL family. RHEL-layout vhost discovery follows.
If a platform matters to you, tell us — real demand decides the order.