#!/bin/bash
EFI_BOOT_DIR="${EFI_BOOT_DIR:-"/boot"}";
BOOTLOADER_ID=${BOOTLOADER_ID:-"Arch"};
bootNum="$(efibootmgr | sed "/$BOOTLOADER_ID/{ s/^.*Boot\([[:digit:]]\+\)\*.*$/\1/; p; }; d")";

yay --noconfirm -Syu secureboot-grub;
sudo efibootmgr --delete-bootnum --bootnum "$bootNum";

sudo sed -i \
    -e "/esp=/{" \
        -e "a esp=\"$EFI_BOOT_DIR\"" \
        -e "d" \
    -e "}" \
    -e "/bootloader_id=/{" \
        -e "a bootloader_id=\"$BOOTLOADER_ID\"" \
        -e "d" \
    -e "}" \
    /etc/secureboot.conf;

sudo secure-grub-install;