diff --git a/Acornfile b/Acornfile
index df7cc7d..1389710 100644
--- a/Acornfile
+++ b/Acornfile
@@ -3,29 +3,57 @@ description: "Running Mastodon on Acorn"
 readme:      "./README.md"
 icon:        "./mastodon.svg"
 
-
-services: postgres: {
-	image: "ghcr.io/acorn-io/postgres:v#.#-#"
+services: postgres: image: "ghcr.io/acorn-io/postgres:v#.#-#"
+services: redis: image: "ghcr.io/acorn-io/redis:v#.#.#-#" 
+services: mariadb: {
+    image: "ghcr.io/acorn-io/mariadb:v10.#.#-#"
+    env: {
+        MARIADB_DATABASE: "postal"
+        MARIADB_ROOT_PASSWORD: "postal"
+        MARIADB_ALLOW_EMPTY_PASSWORD: "yes"
+        MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: "yes"
+    }
+}
+services: rabbitmq: {
+    image: "ghcr.io/kedacore/rabbitmq-client:v1.0"
+    env: {
+        RABBITMQ_DEFAULT_USER: "postal"
+        RABBITMQ_DEFAULT_PASS: "postal"
+        RABBITMQ_DEFAULT_VHOST: "postal"
+    }
 }
-
-services: redis: image: "ghcr.io/acorn-io/redis:v#.#.#-#"         
-
 
 args: {
     smtp_port: "587"
     smtp_server: ""
     smtp_login: ""
-    smtp_password: ""
     smtp_auth_method: "plain"
     smtp_openssl_verify_mode: "none"
     smtp_from_address: "AcornSocial <notification@on-acorn.io>"
 }
 
 containers:  {
+    postal: {
+        image: "ghcr.io/postalserver/postal:2.1.4"
+        consumes: ["mariadb", "rabbitmq"]
+        entrypoint: "/docker-entrypoint.sh"
+        dirs: {
+            "/config" : "./conf/postal"
+        }
+        env: {
+            POSTAL_CONFIG_ROOT: "/config"
+            KATAPULT_CONFIG_FILE: "/ci-config.yml"
+            WAIT_FOR_TIMEOUT: "90"
+            WAIT_FOR_TARGETS: """
+                mariadb:3306
+                rabbitmq:5672
+            """
+        }
+    }
     web: {
         image: "ghcr.io/mastodon/mastodon:v4.2.0" 
         cmd: ["bash", "-c", "mkdir /mastodon/public/system; bundle exec rake db:setup; rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"]
-        ports: publish:"3000:3000/http"
+        ports: publish: "3000:3000/http"
         consumes: ["postgres", "redis"]
         env:{
             LOCAL_DOMAIN: "on-acorn.io"
@@ -41,7 +69,7 @@ containers:  {
             SMTP_PORT: args.smtp_port
             SMTP_SERVER: args.smtp_server
             SMTP_LOGIN: args.smtp_login
-            SMTP_PASSWORD: args.smtp_password
+            SMTP_PASSWORD: "secret://smtp-sec/password"
             SMTP_AUTH_METHOD: args.smtp_auth_method
             SMTP_OPENSSL_VERIFY_MODE: args.smtp_openssl_verify_mode
             SMTP_FROM_ADDRESS: args.smtp_from_address
@@ -68,7 +96,7 @@ containers:  {
             SMTP_PORT: args.smtp_port
             SMTP_SERVER: args.smtp_server
             SMTP_LOGIN: args.smtp_login
-            SMTP_PASSWORD: args.smtp_password
+            SMTP_PASSWORD: "secret://smtp-sec/password"
             SMTP_AUTH_METHOD: args.smtp_auth_method
             SMTP_OPENSSL_VERIFY_MODE: args.smtp_openssl_verify_mode
             SMTP_FROM_ADDRESS: args.smtp_from_address
@@ -94,7 +122,7 @@ containers:  {
             SMTP_PORT: args.smtp_port
             SMTP_SERVER: args.smtp_server
             SMTP_LOGIN: args.smtp_login
-            SMTP_PASSWORD: args.smtp_password
+            SMTP_PASSWORD: "secret://smtp-sec/password"
             SMTP_AUTH_METHOD: args.smtp_auth_method
             SMTP_OPENSSL_VERIFY_MODE: args.smtp_openssl_verify_mode
             SMTP_FROM_ADDRESS: args.smtp_from_address
@@ -114,7 +142,6 @@ containers:  {
             WEB_ENDPOINT: "@{services.web.endpoint}"
         }
         cmd: ["/bin/bash", "-c", "envsubst '$${NGINX_ENDPOINT},$${STREAMING_ENDPOINT},$${WEB_ENDPOINT}' < /etc/nginx/conf.d/mastodon.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"]
-        dependsOn: ["web","streaming","sidekiq"]
+        dependsOn: ["postal","web","streaming","sidekiq"]
     }
-
 }
diff --git a/conf/postal/postal.test.yml b/conf/postal/postal.test.yml
new file mode 100644
index 0000000..982fcec
--- /dev/null
+++ b/conf/postal/postal.test.yml
@@ -0,0 +1,51 @@
+general:
+  use_ip_pools: false
+
+web_server:
+  bind_address: 127.0.0.1
+  port: 5000
+
+smtp_server:
+  port: 2525
+
+logging:
+  stdout: false
+
+main_db:
+  host: mariadb
+  username: root
+  password:
+  database: postal
+
+message_db:
+  host: mariadb
+  username: root
+  password:
+  prefix: postal
+
+rabbitmq:
+  host: rabbitmq
+  username: guest
+  password: guest
+  vhost: null
+
+dns:
+  mx_records:
+    - mx.postal.example.com
+  smtp_server_hostname: postal.example.com
+  spf_include: spf.postal.example.com
+  return_path: rp.postal.example.com
+  route_domain: routes.postal.example.com
+  track_domain: track.postal.example.com
+
+smtp:
+  host: 127.0.0.1
+  port: 2525
+  username:
+  password:
+  from_name: Postal
+  from_address: postal@yourdomain.com
+
+rails:
+  secret_key: 5e82ca222ccc8642fb38a8ea4b847408b983b42a497ec16b499ed89ba506a4edcab8ac015b32dbd1ea620119484e0c1dc056f97b4b37cd29146192df5ccd6abec345a0125c424daad12430a4796d108197c746f5eb8e9e1faa36a8ff8d0c5a9cf00191f997c354341fd656ca0ef9d7b40a37ea4b1b1e78fe9030fa9990dbb662
+  environment: test
diff --git a/conf/postal/signing.key b/conf/postal/signing.key
new file mode 100644
index 0000000..4c48285
--- /dev/null
+++ b/conf/postal/signing.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDWt+8XMJEoeOd5DW0ETcj7oklUiyd39h71ZsBxlZSOSydsb+ft
+26C/dfJmT/1W38oxhct1iuRN6ETNHNeLtwrysxhpmSiea/eU8Iv3s4WVgdTJyneT
+H++yuXwOyEmb1opc7igSRfbFLkeVcYm45rnzbjf/26UaFwmtZlxPI0LZrQIDAQAB
+AoGAA8cOpMjM9PpTkDSlQ1se+xZa1erw0dJ5rvWU0yq/h1VZJzY8zVl81YF8t0IX
+Ae1EAGULNFEyPRCmDTnBrQqWXbB5bqZIROKT+1Ruo1Kg6OUsrSDK3cDWYM2lInB/
+/CXKo4pv82Zh9iS9qj7URFOEzEX43KNXCrfrLSOVRp+xnB0CQQDzxOhujaSqGlXW
+wLdrTPRWp63SNbkhWK8FXnkeoyH02EvlWSIGQL2deDaOQk9VKd7kCes9MyWC9d7L
+FO/e7GdDAkEA4X3ieo3Wted69PG3c+jN//nA1WZdgHKucGkOTk1MakqG6kf7DeVt
+Uj2AFR8wxtKDYi9G+YxdKb+lI/T0CI9UTwJBALwf3UTcWRTRiCdYyPStCfAKLbIJ
+tdrPRxr8orqLKPx9JG1WEVUEB5GMIYY+FF1kF9ii8wFjBHMB7rOJb+j5RmMCQA27
+U8pwzs1/Dj7SZYCagcj/1Z1pQXJsCXFxBF0CWg/y/+pOfdxnx1OFyUIAB0FkWnnl
+NSZHRPkg4Zah+SZ4TAMCQQDid1Cp6nhlntpOANWIXxkJJuDVYepQN1AgCvwZ3OMl
+jOfmHNFkXlzb4EYr+uoab2cXV3TNVtau7Z5/Se1ZTVSp
+-----END RSA PRIVATE KEY-----