From 99bacfd5f0eedb4e8fed2599d05603731b799aac Mon Sep 17 00:00:00 2001
From: Guillermo Guirao Aguilar <ggaguilar@gmail.com>
Date: Thu, 18 Dec 2025 05:51:35 +0100
Subject: [PATCH 1/4] Update DKIM records

---
 constructs/dns.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/constructs/dns.ts b/constructs/dns.ts
index 38542d0..f2ba676 100644
--- a/constructs/dns.ts
+++ b/constructs/dns.ts
@@ -106,7 +106,7 @@ export class DNS extends Construct {
     });
 
     new Route53Record(this, "dkim-ecc-record", {
-      name: "202509e._domainkey." + this.zone.name,
+      name: "202512e._domainkey." + this.zone.name,
       zoneId: this.zone.zoneId,
       type: "TXT",
       ttl: 300,
@@ -116,7 +116,7 @@ export class DNS extends Construct {
     });
 
     new Route53Record(this, "dkim-rsa-record", {
-      name: "202509r._domainkey." + this.zone.name,
+      name: "202512e._domainkey." + this.zone.name,
       zoneId: this.zone.zoneId,
       type: "TXT",
       ttl: 300,

From 6a42a09de66cf0e2491ccc6f313a42306d53c577 Mon Sep 17 00:00:00 2001
From: Guillermo Guirao Aguilar <ggaguilar@gmail.com>
Date: Fri, 19 Dec 2025 07:20:27 +0100
Subject: [PATCH 2/4] Update the backup lifecycle policy

---
 constructs/s3.ts | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/constructs/s3.ts b/constructs/s3.ts
index 742032b..8f71206 100644
--- a/constructs/s3.ts
+++ b/constructs/s3.ts
@@ -30,25 +30,33 @@ export class S3 extends Construct {
         },
       });
 
-      let lifecycleRules: S3BucketLifecycleConfigurationRule[] = [
-        {
-          id: "Trashcan",
-          status: "Enabled",
-          abortIncompleteMultipartUpload: [{ daysAfterInitiation: 7 }],
-          noncurrentVersionExpiration: [{ noncurrentDays: 90 }],
-          filter: [{ prefix: "" }],
-        },
-      ];
-
+      let lifecycleRules: S3BucketLifecycleConfigurationRule[] = [];
       if (name == "backups") {
         lifecycleRules = lifecycleRules.concat([
           {
             id: "Backups",
             status: "Enabled",
-            expiration: [{ days: 14 }],
+            expiration: [{ days: 30 }],
+            filter: [{ prefix: "stalwart/" }],
+          },
+          {
+            id: "Trashcan",
+            status: "Enabled",
+            abortIncompleteMultipartUpload: [{ daysAfterInitiation: 1 }],
+            noncurrentVersionExpiration: [{ noncurrentDays: 10 }],
             filter: [{ prefix: "stalwart/" }],
           },
         ]);
+      } else {
+        lifecycleRules = lifecycleRules.concat([
+          {
+            id: "Trashcan",
+            status: "Enabled",
+            abortIncompleteMultipartUpload: [{ daysAfterInitiation: 7 }],
+            noncurrentVersionExpiration: [{ noncurrentDays: 90 }],
+            filter: [{ prefix: "" }],
+          },
+        ]);
       }
 
       new S3BucketLifecycleConfiguration(this, `${name}-lifecycle`, {

From 5710696686d4b6f79d58cfe217be649a4e48482a Mon Sep 17 00:00:00 2001
From: Guillermo Guirao Aguilar <ggaguilar@gmail.com>
Date: Fri, 19 Dec 2025 17:01:07 +0100
Subject: [PATCH 3/4] Fix MTA STS discovery

---
 assets/podman/caddy/Caddyfile | 1 +
 constructs/dns.ts             | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/assets/podman/caddy/Caddyfile b/assets/podman/caddy/Caddyfile
index 5e5135d..05fcde9 100644
--- a/assets/podman/caddy/Caddyfile
+++ b/assets/podman/caddy/Caddyfile
@@ -39,6 +39,7 @@ maps.guirao.net {
 }
 
 mail.guirao.net,
+mta-sts.guirao.net,
 autoconfig.guirao.net,
 autodiscover.guirao.net {
 	reverse_proxy host.containers.internal:8080 {
diff --git a/constructs/dns.ts b/constructs/dns.ts
index f2ba676..34e9ed0 100644
--- a/constructs/dns.ts
+++ b/constructs/dns.ts
@@ -194,7 +194,7 @@ export class DNS extends Construct {
       zoneId: this.zone.zoneId,
       type: "TXT",
       ttl: 300,
-      records: ["v=STSv1; id=8777202045385525987"],
+      records: ["v=STSv1; id=20251219"],
     });
 
     new Route53Record(this, "txt-dmarc-record", {

From 17ff465b534dcacde1683665134e04445bba6184 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Dec 2025 01:19:43 +0000
Subject: [PATCH 4/4] Bump @types/node from 24.10.4 to 25.0.3

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.4 to 25.0.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 794375e..825c901 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
   },
   "devDependencies": {
     "@types/jest": "^30",
-    "@types/node": "^24",
+    "@types/node": "^25",
     "jest": "^30",
     "ts-jest": "^29",
     "ts-node": "^10",