One of the key concepts of a configuration management system is the ability to react to changes by running a command restarting a service. A state machine native to the framework is not required, simple conditionals will do.
Here we install
and reload the rules if they change
execute_with=doas etc: ./rinstall -m 600 xa10/pf.conf /etc/pf.conf && /sbin/pfctl -f /etc/pf.conf
On OpenBSD each interface is configured by a single file. We can use a loop to ensure each of them is in place
network: let changed=0 for dev in bridge0 vether0 em0 em1 em2 em3 axe0 do ./rinstall -m 640 xa10/hostname.$dev /etc/hostname.$dev && changed=1 done [ $changed -ge 0 ] && sh /etc/netstart
Since we don't want to restart the network more than once; keep count of changes and apply changes after all of them have been copied.