diff --git a/hosts/franz/arion/signal/arion-compose.nix b/hosts/franz/arion/signal/arion-compose.nix
new file mode 100644
index 0000000..61d5b5e
--- /dev/null
+++ b/hosts/franz/arion/signal/arion-compose.nix
@@ -0,0 +1,44 @@
+{pkgs, ...}: {
+ project.name = "signal";
+
+ networks.dmz = {
+ name = "dmz";
+ external = true;
+ };
+
+ services = {
+ mollysocket.service = {
+ image = "ghcr.io/mollyim/mollysocket:latest";
+ container_name = "mollysocket";
+ useHostStore = true;
+ ports = [
+ "8020:8020"
+ ];
+ command = "server";
+ working_dir = "/data";
+ labels = {
+ "traefik.enable" = "true";
+ "traefik.http.routers.mollysocket.rule" = "Host(`signal.ghoscht.com`)";
+ "traefik.http.routers.mollysocket.entrypoints" = "websecure";
+ "traefik.http.services.mollysocket.loadbalancer.server.port" = "8020";
+ "traefik.http.routers.mollysocket.tls" = "true";
+ "traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt";
+ };
+ volumes = [
+ "/home/ghoscht/.docker/signal/mollysocket_data:/data"
+ ];
+ environment = {
+ MOLLY_DB = "/data/mollysocket.db";
+ MOLLY_ALLOWED_ENDPOINTS = "['https://push.ghoscht.com','*]";
+ MOLLY_ALLOWED_UUIDS = "['*']";
+ MOLLY_HOST = "0.0.0.0";
+ MOLLY_PORT = 8020;
+ RUST_LOG = "info";
+ };
+ restart = "always";
+ networks = [
+ "dmz"
+ ];
+ };
+ };
+}
diff --git a/hosts/franz/arion/signal/arion-pkgs.nix b/hosts/franz/arion/signal/arion-pkgs.nix
new file mode 100644
index 0000000..69aad13
--- /dev/null
+++ b/hosts/franz/arion/signal/arion-pkgs.nix
@@ -0,0 +1,6 @@
+# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
+import {
+ # We specify the architecture explicitly. Use a Linux remote builder when
+ # calling arion from other platforms.
+ system = "x86_64-linux";
+}
diff --git a/hosts/franz/arion/signal/default.nix b/hosts/franz/arion/signal/default.nix
new file mode 100644
index 0000000..504aadf
--- /dev/null
+++ b/hosts/franz/arion/signal/default.nix
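Review bot: In arion-compose.nix, `MOLLY_ALLOWED_ENDPOINTS = "['https://push.ghoscht.com','*]"` has an unterminated `'*` entry, and together with `MOLLY_ALLOWED_UUIDS = "['*']"` it leaves a service that Traefik publishes at signal.ghoscht.com open to registration by any account and, once the quoting is repaired, to any public push endpoint (as far as the mollysocket documentation describes the wildcard). If only your own devices should use this instance, drop the wildcards and list the values explicitly: `MOLLY_ALLOWED_ENDPOINTS = "['https://push.ghoscht.com']";` and `MOLLY_ALLOWED_UUIDS = "['<your-account-uuid>']";` (placeholder). The `ports = [ "8020:8020" ]` mapping also publishes the plain-HTTP listener on the host next to the TLS route; since Traefik reaches the container over the `dmz` network, the mapping can presumably be removed. Consider pinning the image to a version tag or digest instead of `:latest`, because `restart = "always"` keeps running whatever was last pulled.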
@@ -0,0 +1,7 @@
+{config, ...}: {
+ virtualisation.arion = {
+ projects.infrastructure.settings = {
+ imports = [./arion-compose.nix];
+ };
+ };
+}
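Review bot: In default.nix the project is registered as `projects.infrastructure` although arion-compose.nix sets `project.name = "signal"`; if another host module already defines `virtualisation.arion.projects.infrastructure` (not visible in this diff), the module system would merge both `imports` lists into one project and the two `project.name` definitions would conflict. Naming the attribute after the stack avoids that: `projects.signal.settings = {`. The `config` argument is unused and could be dropped from `{config, ...}:`.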