diff --git a/app-configs/rinoa/homepage/services.yaml.j2 b/app-configs/rinoa/homepage/services.yaml.j2
index 40b61e0..8a36b18 100644
--- a/app-configs/rinoa/homepage/services.yaml.j2
+++ b/app-configs/rinoa/homepage/services.yaml.j2
@@ -20,6 +20,25 @@
 #        href: http://localhost/
 #        description: Homepage is 😎
 
+- System Administration:
+    - PatchMon
+        href: https://patch.trez.wtf
+        description: Patch management for *NIX and Windows
+        icon: patchmon.svg
+        weight: 0
+        widget:
+            type: customapi
+            url: http://192.168.1.252:3000/api/v1/gethomepage/stats
+            headers:
+                Authorization: Basic {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token)['secret']['PATCHMON_API_BASE64_CREDS'] }}
+            mappings:
+                - field: total_hosts
+                  label: Total Hosts
+                - field: hosts_needing_updates
+                  label: Needs Updates
+                - field: security_updates
+                  label: Security Updates
+
 - Automation:
     - Home Assistant (Rikku):
         href: https://ha.trez.wtf
diff --git a/app-configs/rinoa/homepage/settings.yaml.j2 b/app-configs/rinoa/homepage/settings.yaml.j2
index a8f27f2..b88f3be 100644
--- a/app-configs/rinoa/homepage/settings.yaml.j2
+++ b/app-configs/rinoa/homepage/settings.yaml.j2
@@ -23,7 +23,7 @@ provider: duckduckgo
 layout:
   System Administration:
     style: row
-    columns: 5
+    columns: 4
   Infrastructure/App Performance Monitoring:
     style: row
     columns: 5
diff --git a/app-configs/rinoa/swag/nginx/proxy-confs/patchmon.subdomain.conf b/app-configs/rinoa/swag/nginx/proxy-confs/patchmon.subdomain.conf
new file mode 100644
index 0000000..bde3dfc
--- /dev/null
+++ b/app-configs/rinoa/swag/nginx/proxy-confs/patchmon.subdomain.conf
@@ -0,0 +1,47 @@
+## Version 2025/07/18
+# make sure that your <container_name> container is named <container_name>
+# make sure that your dns has a cname set for <container_name>
+
+server {
+    listen 443 ssl;
+    #    listen 443 quic;
+    listen [::]:443 ssl;
+    #    listen [::]:443 quic;
+
+    server_name patch.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+    # enable for Tinyauth (requires tinyauth-location.conf in the location block)
+    #include /config/nginx/tinyauth-server.conf;
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+        # enable for Tinyauth (requires tinyauth-server.conf in the server block)
+        #include /config/nginx/tinyauth-location.conf;
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app 192.168.1.252;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}