fix: restructure fail2ban jails per NixOS module - recidive in jails, settings attr, str bantime

hosts/lazyworkhorse/configuration.nix

@@ -357,47 +357,55 @@
   services.fail2ban = {
     enable = true;
     maxretry = 3;
-    bantime = 3600;
+    bantime = "1h";
     banaction = "iptables-multiport";
     
-    # Ban repeat offenders for 1 week
-    recidive = {
-      enabled = true;
-      filter = "recidive";
-      logpath = "/var/log/fail2ban.log";
-      bantime = 604800;
-      findtime = 86400;
-      maxretry = 3;
-    };
-    
     jails = {
       # SSH brute force protection (uses systemd journal backend)
       sshd = {
         enabled = true;
         filter = "sshd";
+        settings = {
           port = "2424";
           maxretry = 3;
-        bantime = 3600;
+          bantime = "1h";
+        };
+      };
+      
+      # Recidive - ban repeat offenders for 1 week
+      recidive = {
+        enabled = true;
+        filter = "recidive";
+        settings = {
+          logpath = "/var/log/fail2ban.log";
+          bantime = "1w";
+          findtime = "1d";
+          maxretry = 3;
+        };
       };
       
       # HTTP authentication failures (Traefik)
       http-auth = {
         enabled = true;
         filter = "traefik-auth";
+        settings = {
           port = "80,443";
           logpath = "/var/log/traefik/access.log";
           maxretry = 5;
-        bantime = 3600;
+          bantime = "1h";
+        };
       };
       
       # HTTP scanning/attacks (Traefik)
       http-botsearch = {
         enabled = true;
         filter = "traefik-botsearch";
+        settings = {
           port = "80,443";
           logpath = [ "/var/log/traefik/access.log" ];
           maxretry = 2;
-        bantime = 7200;
+          bantime = "2h";
+        };
       };
     };
   };