feat: add MDM managed app configuration support for iOS #105

Open
dbrieck wants to merge 2 commits into netbirdio:main from dbrieck:feat/mdm-managed-config

@dbrieck dbrieck commented Apr 24, 2026

Summary

Add Apple Managed App Configuration support, allowing MDM solutions (Jamf, Intune, Mosyle, etc.) to push NetBird configuration to managed iOS devices for zero-touch deployment.

Related to netbirdio/netbird#1918

Changes

  • NetbirdKit/ManagedConfigReader.swift — Reads MDM config from UserDefaults(suiteName: "com.apple.configuration.managed"), populates Go SDK ManagedConfig, and handles setup key auto-login
  • NetbirdKit/NetworkExtensionAdapter.swift — Calls applyManagedConfig() in start() before login check (iOS only)
  • NetbirdNetworkExtension/PacketTunnelProvider.swift — Applies MDM config in startTunnel() before VPN connection (iOS only)

Supported MDM Keys

| Key | Type | Description |
| --- | --- | --- |
| managementUrl | String | Management server URL |
| setupKey | String | Setup key for zero-touch enrollment |
| adminUrl | String | Admin panel URL |
| preSharedKey | String | Pre-shared key for WireGuard |
| rosenpassEnabled | Bool | Enable Rosenpass |
| rosenpassPermissive | Bool | Rosenpass permissive mode |
| disableAutoConnect | Bool | Disable auto-connect |

How It Works

  1. MDM pushes managed app configuration via Apple MDM profile
  2. On VPN start (both app and Network Extension), ManagedConfigReader reads from managed UserDefaults
  3. Config is applied to NetBird client configuration (overrides user settings)
  4. If a setup key is provided, automatic enrollment is attempted

Dependencies

Integrate Apple Managed App Configuration to allow MDM solutions to
push NetBird configuration to managed iOS devices.

- Add ManagedConfigReader to read from com.apple.configuration.managed
- Apply MDM config in NetworkExtensionAdapter.start()
- Apply MDM config in PacketTunnelProvider.startTunnel()
- Auto-login with setup key when provided by MDM

Related to netbirdio/netbird#1918

coderabbitai Bot commented Apr 24, 2026

Warning

Rate limit exceeded

@dbrieck has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 47 minutes and 11 seconds before requesting another review.

📥 Commits

Reviewing files that changed from the base of the PR and between ab2a0d8 and 5e6a597.

📒 Files selected for processing (3)
  • NetbirdKit/ManagedConfigReader.swift
  • NetbirdKit/NetworkExtensionAdapter.swift
  • NetbirdNetworkExtension/PacketTunnelProvider.swift

@dbrieck dbrieck marked this pull request as ready for review April 24, 2026 13:47

dbrieck commented Apr 24, 2026

@coderabbitai review

coderabbitai Bot commented Apr 24, 2026

Only users with a collaborator, contributor, member, or owner role can interact with CodeRabbit.

Use config.getManagementURL() so NewAuth connects to the correct
MDM-specified server instead of passing an empty string which
defaults to api.netbird.io.
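
An added example, not code from this pull request or from the NetBird project: one way to type-check the MDM keys listed in the description before they are applied, and to summarise them for logs without exposing setupKey or preSharedKey. The ValidatedManagedConfig type, the function names and the sample payload are assumptions constructed for illustration; the dictionary stands in for whatever the managed UserDefaults lookup returns.

```swift
import Foundation

// Hypothetical holder for validated values; not the Go SDK's ManagedConfig type.
struct ValidatedManagedConfig {
    var urls: [String: URL] = [:]        // managementUrl, adminUrl
    var secrets: [String: String] = [:]  // setupKey, preSharedKey
    var flags: [String: Bool] = [:]      // rosenpassEnabled, rosenpassPermissive, disableAutoConnect
    var rejected: [String] = []          // keys dropped: unknown name, wrong type, or bad value
    // Log-safe summary: secret values never appear, only which keys were set.
    var redactedSummary: String {
        let u = urls.keys.sorted().map { "\($0)=\(urls[$0]!.absoluteString)" }
        let s = secrets.keys.sorted().map { "\($0)=<redacted>" }
        let f = flags.keys.sorted().map { "\($0)=\(flags[$0]!)" }
        return (u + s + f + ["rejected=\(rejected)"]).joined(separator: " ")
    }
}

// Accept only https URLs with a host, so a bad payload cannot downgrade transport.
func httpsURL(_ value: Any) -> URL? {
    guard let text = value as? String, let parts = URLComponents(string: text),
          parts.scheme?.lowercased() == "https", let host = parts.host, !host.isEmpty
    else { return nil }
    return parts.url
}

// Sort every key from the payload into a typed bucket or into `rejected`.
func validate(managed raw: [String: Any]) -> ValidatedManagedConfig {
    var out = ValidatedManagedConfig()
    for (key, value) in raw {
        switch key {
        case "managementUrl", "adminUrl":
            if let url = httpsURL(value) { out.urls[key] = url } else { out.rejected.append(key) }
        case "setupKey", "preSharedKey":
            if let s = value as? String, !s.isEmpty { out.secrets[key] = s } else { out.rejected.append(key) }
        case "rosenpassEnabled", "rosenpassPermissive", "disableAutoConnect":
            if let b = value as? Bool { out.flags[key] = b } else { out.rejected.append(key) }
        default:
            out.rejected.append(key)
        }
    }
    out.rejected.sort()
    return out
}

// Constructed sample payload (not real values): one bad URL scheme, one mistyped Bool.
let sample: [String: Any] = [
    "managementUrl": "http://netbird.example.com", "adminUrl": "https://admin.example.com",
    "setupKey": "CONSTRUCTED-SETUP-KEY", "rosenpassEnabled": "yes", "disableAutoConnect": true,
]
print(validate(managed: sample).redactedSummary)
```

With this sample, managementUrl and rosenpassEnabled end up in `rejected`. A caller that sees managementUrl rejected can stop enrollment instead of continuing with an empty URL, which is the case the second commit message describes.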