#!/bin/bash
EFI_BOOT_DIR="${EFI_BOOT_DIR:-"/boot"}";
BOOTLOADER_ID=${BOOTLOADER_ID:-"Arch"};
bootNums="$(efibootmgr | sed "/$BOOTLOADER_ID/{ s/^.*Boot\([[:digit:]]\+\)\*.*$/\1/; p; }; d")";

yay --noconfirm -Syu secureboot-grub;

for bootNum in $bootNums;
do
    sudo efibootmgr --delete-bootnum --bootnum "$bootNum"
done;

sudo sed -i \
    -e "/esp=/{" \
        -e "a esp=\"$EFI_BOOT_DIR\"" \
        -e "d" \
    -e "}" \
    -e "/bootloader_id=/{" \
        -e "a bootloader_id=\"$BOOTLOADER_ID\"" \
        -e "d" \
    -e "}" \
    /etc/secureboot.conf;

sudo secure-grub-install;