rule dot_ssh_on { A D } {
  home_dir_on A H
  directory_in H '.ssh' D
  mode D '0700'
}

rule authorized_keys_on { A F } {
  dot_ssh_on A D
  file_in D 'authorized_keys' F
  mode F '0600'
}

rule key_installed_on { A K } {
  authorized_keys_on A F
  contains_line F K
}

rule my_config_dir D {
  home_dir_on '' H
  directory_in H '.keymangler' D
}

rule config_contains_line { C L } {
  my_config_dir D
  file_in D C F
  contains_line F L
}

rule known_account A { config_contains_line 'accounts' A }
rule known_key K { config_contains_line 'keys' K }
rule known_dead D { config_contains_line 'keys.dead' D }

rule sync_account A {
  foreach K { known_key K } { key_installed_on A K }
}