--- /dev/null
+rule my_config_dir D {
+ on 'localhost' {
+ directory_at D '.keymangler'
+ }
+}
+
+rule my_config_file F Name {
+ exists D { my_config_dir D; file_in D Name F }
+}
+
+rule known_account A {
+ exists F { my_config_file F 'accounts'; contains-line F A }
+}
+
+rule known_key K {
+ exists F { my_config_file F 'keys'; contains-line F K }
+}
+
+rule known_dead D {
+ exists F { my_config_file F 'keys.dead'; contains-line F D }
+}
+
+rule dot_ssh D {
+ directory_at D '.ssh' {
+ mode '0755'
+ }
+}
+
+rule keys_file_in {D F} {
+ file_in D 'authorized_keys' {
+ mode '0644'
+ }
+}
+
+rule keys_file F { exists D { dot_ssh D; keys_file_in D F } }
+
+rule key_installed K {
+ exists F {
+ keys_file F
+ contains_line F K
+ }
+}
+
+rule key_not_installed K {
+ not exists F { keys_file F }
+}
+
+rule key_not_installed K {
+ given F { keys_file F } {
+ not_contains_line F K
+ }
+}
+
+action sync_account A {
+ on A {
+ forall K { known_key K } { ensure key_installed K }
+ forall D { known_dead D } { ensure key_not_installed D }
+ }
+}
+
+action sync {
+ forall A { known_account A } {
+ sync_account A
+ }
+}
+
+action installed_on A {
+ on A {
+ forall K { key_installed K } { print K }
+ }
+}
+
+action unknown_installed_on A {
+ on A {
+ forall K { key_installed K; not known_key K } { print K }
+ }
+}
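Review bot: The line predicate is spelled `contains-line` in `known_account`, `known_key` and `known_dead` but `contains_line` / `not_contains_line` in `key_installed` and `key_not_installed`; unless the language defines both spellings, one set of rules will not resolve, and since `sync` is driven entirely by the three `known_*` rules that would presumably leave it with nothing to install or revoke. I would use one spelling throughout, e.g. `exists F { my_config_file F 'keys'; contains_line F K }`. Separately, `dot_ssh` and `keys_file_in` pin `mode '0755'` and `mode '0644'`, which leaves the directory and the installed key set readable by every local user; `mode '0700'` and `mode '0600'` are the usual values for these paths. `my_config_dir` also pins no mode on `.keymangler`, even though its `keys` and `accounts` files decide what gets written to every account's `authorized_keys`, so a comment or constraint stating that this directory must be writable only by its owner would be worth adding.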