@shilch
Created November 4, 2020 08:54
Simple FreeBSD rc script for mounting encrypted home directory disk image during boot time
#!/bin/sh
#
# Simple FreeBSD rc script for mounting an encrypted home directory disk image at boot.
#
# PROVIDE: homecrypt
# REQUIRE: FILESYSTEMS
# BEFORE: LOGIN

. /etc/rc.subr

name="homecrypt"
desc="Home directory encryption"
start_cmd="homecrypt_start"
stop_cmd="homecrypt_stop"

homecrypt_start()
{
    # $homecrypt_users is a whitespace-separated list from rc.conf; it must stay
    # unquoted here so the loop sees one user per iteration.
    for user in $homecrypt_users; do
        disk="/home/$user.crypt"
        if [ ! -f "$disk" ]; then
            echo "Encrypted home for $user not found at $disk"
            continue
        fi
        # Use the uid as the md(4) unit number so each user gets a stable device name.
        unit=$(id -u "$user")
        if ! mdconfig -a -t vnode -f "$disk" -u "$unit"; then
            echo "Attaching the memory disk for $user failed"
            continue
        fi
        attempts=0
        max_attempts=5
        while [ "$attempts" -ne "$max_attempts" ]; do
            echo "Please enter the passphrase for the encrypted home of $user"
            # -d: detach the .eli provider automatically on last close (i.e. at unmount)
            if geli attach -d "/dev/md$unit"; then
                echo "Successfully decrypted home of $user"
                break
            fi
            attempts=$((attempts + 1))
        done
        if [ "$attempts" -eq "$max_attempts" ]; then
            echo "Entered the wrong passphrase for $user $max_attempts times"
            # Do not leave the memory disk attached after giving up.
            mdconfig -d -u "$unit"
            continue
        fi
        mkdir -p "/home/$user"
        if ! mount "/dev/md$unit.eli" "/home/$user"; then
            echo "Mounting decrypted home of $user failed"
            # Tear down the decrypted provider and the memory disk again.
            geli detach "/dev/md$unit.eli" 2>/dev/null
            mdconfig -d -u "$unit"
            continue
        fi
    done
}

homecrypt_stop()
{
    for user in $homecrypt_users; do
        if ! umount "/home/$user"; then
            echo "Failed to unmount /home/$user"
            continue
        fi
        # geli was attached with -d, so the .eli provider detaches on unmount;
        # only the memory disk has to be removed explicitly.
        if ! mdconfig -d -u "$(id -u "$user")"; then
            echo "Failed to remove memory disk for $user"
            continue
        fi
    done
}

load_rc_config $name
run_rc_command "$1"
shilch commented Nov 4, 2020

Usage: GELI-encrypted home directory as image file in /home/{user}.crypt.
In /etc/rc.conf: homecrypt_users="{user}"
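A companion setup script, added here as an example and not part of the gist, that creates the /home/<user>.crypt image the rc script above expects: a sparse file, attached as an md(4) device, initialised with geli, formatted with newfs and handed to the user. It assumes FreeBSD's truncate(1), mdconfig(8), geli(8) and newfs(8), and a hypothetical HOMECRYPT_DRY_RUN switch that prints the commands instead of running them.

```shell
#!/bin/sh
# homecrypt-init (added example, not part of the gist): create the
# GELI-encrypted image /home/<user>.crypt that the rc script above expects.
# Assumes FreeBSD with truncate(1), mdconfig(8), geli(8), newfs(8).
# Usage: homecrypt-init <user> <size> [md-unit]   e.g. homecrypt-init alice 20G
# Set HOMECRYPT_DRY_RUN=1 to print the commands instead of executing them.

run() {
    if [ -n "${HOMECRYPT_DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# The user name ends up in a path, so accept only plain account names.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

homecrypt_init() {
    user="$1"; size="$2"
    valid_user "$user" || { echo "invalid user name: '$user'" >&2; return 1; }
    img="/home/$user.crypt"
    if [ -e "$img" ]; then
        echo "$img already exists, refusing to overwrite" >&2; return 1
    fi
    # Same md unit convention as the rc script: the user's uid (override with $3).
    unit="${3:-$(id -u "$user")}" || return 1
    run truncate -s "$size" "$img"          # sparse image file
    run chmod 0600 "$img"                   # only root may read the ciphertext file
    run mdconfig -a -t vnode -f "$img" -u "$unit"
    # Passphrase-only GELI provider (prompts twice); 4K sectors for the filesystem.
    run geli init -s 4096 "/dev/md$unit"
    run geli attach "/dev/md$unit"          # prompts for the passphrase once more
    run newfs -U "/dev/md$unit.eli"
    # Hand the new filesystem root to the user before the first boot mounts it.
    run mkdir -p "/home/$user"
    run mount "/dev/md$unit.eli" "/home/$user"
    run chown "$user" "/home/$user"
    run umount "/home/$user"
    run geli detach "/dev/md$unit.eli"
    run mdconfig -d -u "$unit"
}

# Only act when invoked with arguments, so the file can also be sourced.
if [ $# -ge 2 ]; then homecrypt_init "$@"; fi
```

After the script finishes, rebooting with homecrypt_users set in rc.conf is enough; the rc script will prompt for the passphrase and mount /home/<user>.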
