feat(nginx): add rate limiting with per-domain overrides

- Global rate limit: 10 req/s with burst of 20
- Connection limit: 30 concurrent per IP
- Per-domain override support (requests, burst, enable/disable)
- SearXNG gets higher limits (20/40) to tolerate bot traffic
- Returns 429 when rate limited

configuration.nix

@@ -101,11 +101,19 @@
   myModules.nginx = {
     enable = true;
     email = "info@ashisgreat.xyz";
+    rateLimit = {
+      enable = true;
+      requests = 10;
+      burst = 20;
+    };
     domains = {
       "search.ashisgreat.xyz" = {
         port = 8888;
         # SearXNG sets its own CSP in settings.yml — omit at Nginx level to avoid conflicts
         contentSecurityPolicy = null;
+        # Search engine — slightly more permissive for bot traffic
+        rateLimit.requests = 20;
+        rateLimit.burst = 40;
       };
     };
   };