rule dot_ssh_on { A D } {
  home_dir_on A H
  directory_in H '.ssh' D
  mode D '0700'
}

rule authorized_keys_on { A F } {
  dot_ssh_on A D
  file_in D 'authorized_keys' F
  mode F '0600'
}

rule key_installed_on { A K } {
  authorized_keys_on A F
  contains_line F K
}

rule key_not_installed_on { A K } {
  authorized_keys_on A F
  not_contains_line F K
}

rule my_config_dir D {
  home_dir_on '' H
  directory_in H '.keymangler' D
}

rule my_config_file { C F } {
  my_config_dir D
  file_in D C F
}

rule config_contains_line { C L } {
  my_config_file C F
  contains_line F L
}

rule config_not_contains_line { C L } {
  my_config_file C F
  not_contains_line F L
}

rule known_account A { config_contains_line 'accounts' A }
rule known_key K { config_contains_line 'keys' K }
rule known_dead D { config_contains_line 'keys.dead' D }

rule not_known_account A { config_not_contains_line 'accounts' A }
rule not_known_key K { config_not_contains_line 'keys' K }
rule not_known_dead D { config_not_contains_line 'keys.dead' D }

rule account_synchronized A {
  foreach K { known_key K } { key_installed_on A K }
}

rule all_synchronized {} {
  foreach A { known_account A } { account_synchronized A }
}

rule unknown_installed_on { A K } {
  key_installed_on A K
  not { known_key K }
}