eg25-control: fix sandboxing (at least, for --power-on)

hosts/common/programs/eg25-control.nix

@@ -7,8 +7,12 @@ in
     suggestedPrograms = [ "mmcli" ];
 
     sandbox.extraPaths = [
-      "/dev/gpiochip1"
+      "/dev/gpiochip0"  # Pinephone Pro
-      "/sys/class/modem-power"
+      "/dev/gpiochip1"  # Pinephone
+      "/dev/gpiochip3"  # Pinephone Pro
+      # "/sys/class/modem-power"
+      "/sys/bus/gpio"
+      "/sys/dev/char"
       "/sys/devices"
       # "/var/lib/eg25-control"
     ];
@@ -60,11 +64,9 @@ in
     # wantedBy = [ "network-online.target" ]; # auto-start immediately after boot
   };
 
-  services.udev.extraRules = let
+  services.udev.extraRules = lib.optionalString cfg.enabled ''
-    chmod = lib.getExe' pkgs.coreutils "chmod";
+    # make modem controllable by user
-    chown = lib.getExe' pkgs.coreutils "chown";
+    # DRIVER=="modem-power", RUN+="chmod g+w /sys%p/powered", RUN+="chown :networkmanager /sys%p/powered"
-  in lib.optionalString cfg.enabled ''
+    SUBSYSTEM=="gpio", MODE="660" GROUP="input"
-    # make Modem controllable by user
-    DRIVER=="modem-power", RUN+="${chmod} g+w /sys%p/powered", RUN+="${chown} :networkmanager /sys%p/powered"
   '';
 }