Is this ideal? No…What could ever go wrong with an unattended upgrade? Run this at your own risk!

What drove me to do this? Security and also the recent speculative execution vulnerabilities.

Update doas.conf

/etc/doas.conf
permit nopass bfrancom as root cmd /usr/sbin/pkg_add
permit nopass bfrancom as root cmd /usr/sbin/syspatch

Setup a playbook

---
- hosts: openbsd_routers
  remote_user: bobbyjoe

  tasks:
    - name: doas /usr/sbin/pkg_add -u
      command: doas /usr/sbin/pkg_add -u
    - name: doas /usr/sbin/syspatch
      command: doas /usr/sbin/syspatch

You may want to add a reboot in there.