Adjust some more nginx fail2ban

nix/modules/nixos/services/nginx/default.nix

@@ -137,7 +137,7 @@ in
       nginx-botsearch = {
         settings = {
           filter = "nginx-botsearch";
-          action = ''${config.services.fail2ban.banaction}[name=HTTP, port="http,https"]'';
+          port = "http,https";
           logpath = "/var/log/nginx/access.log";
           backend = "auto";
           findtime = 600;
@@ -147,7 +147,7 @@ in
       nginx-bad-request = {
         settings = {
           filter = "nginx-bad-request";
-          action = ''${config.services.fail2ban.banaction}[name=HTTP, port="http,https"]'';
+          port = "http,https";
           logpath = "/var/log/nginx/access.log";
           backend = "auto";
           findtime = 600;
@@ -157,9 +157,8 @@ in
       nginx-req-limit = {
         settings = {
           filter = "nginx-limit-req";
-          action = ''${config.services.fail2ban.banaction}[name=HTTP, port="http,https"]'';
+          port = "http,https";
-          logpath = "/var/log/nginx/access.log";
+          backend = "systemd";
-          backend = "auto";
           findtime = 600;
           maxretry = 3;
         };
@@ -192,7 +191,7 @@ in
       recommendedZstdSettings = lib.mkDefault true;
       recommendedProxySettings = lib.mkDefault true;
       appendHttpConfig = ''
-        limit_req_zone $binary_remote_addr zone=nobots:10m rate=50r/s;
+        limit_req_zone $binary_remote_addr zone=nobots:10m rate=5r/s;
         map $scheme $hsts_header {
           https "max-age=63072000; preload";
         }
@@ -271,7 +270,7 @@ in
             else
               '''';
           reqLimit = lib.strings.optionalString value.rateLimit.enable ''
-            limit_req zone=nobots burst=5 nodelay;
+            limit_req zone=nobots burst=20 nodelay;
           '';
           extraConfig = ''
             ${mtls}