diff --git a/mkosi.extra/usr/lib/sysupdate.d/50-root-x86-64-erofs.conf b/mkosi.extra/usr/lib/sysupdate.d/50-root-x86-64-erofs.conf
index ba8f517..473acbf 100644
--- a/mkosi.extra/usr/lib/sysupdate.d/50-root-x86-64-erofs.conf
+++ b/mkosi.extra/usr/lib/sysupdate.d/50-root-x86-64-erofs.conf
@@ -7,8 +7,8 @@ AppStream=https://invent.kde.org/kde-linux/kde-linux/-/raw/master/org.kde.linux.
 
 [Source]
 Type=url-file
-Path=https://files.kde.org/kde-linux
-MatchPattern=sysupdate/v2/kde-linux_@v_root-x86-64.erofs
+Path=https://files.kde.org/kde-linux/sysupdate/v2/
+MatchPattern=kde-linux_@v_root-x86-64.erofs
 
 [Target]
 Type=regular-file
diff --git a/mkosi.extra/usr/lib/sysupdate.d/60-esp.conf b/mkosi.extra/usr/lib/sysupdate.d/60-esp.conf
index bf5fec8..5350af5 100644
--- a/mkosi.extra/usr/lib/sysupdate.d/60-esp.conf
+++ b/mkosi.extra/usr/lib/sysupdate.d/60-esp.conf
@@ -7,8 +7,8 @@ AppStream=https://invent.kde.org/kde-linux/kde-linux/-/raw/master/org.kde.linux.
 
 [Source]
 Type=url-file
-Path=https://files.kde.org/kde-linux
-MatchPattern=sysupdate/v2/kde-linux_@v.efi
+Path=https://files.kde.org/kde-linux/sysupdate/v2/
+MatchPattern=kde-linux_@v.efi
 
 [Target]
 Type=regular-file
diff --git a/upload.sh b/upload.sh
index f3b1f37..555d9f1 100755
--- a/upload.sh
+++ b/upload.sh
@@ -8,7 +8,8 @@ set -eux
 export SSH_IDENTITY="$PWD/.secure_files/ssh.key"
 export SSH_USER=kdeos
 export SSH_HOST=origin.files.kde.org
-export SSH_PATH=/home/kdeos/kde-linux
+export SSH_ROOT_PATH=/home/kdeos/kde-linux/
+export SSH_PATH=$SSH_ROOT_PATH/sysupdate/v2/
 export SSH_REALLY_DELETE=1
 
 chmod 600 "$SSH_IDENTITY"
@@ -20,28 +21,23 @@ go -C ./upload-vacuum/ build -o upload-vacuum .
 sudo chown -Rvf "$(id -u):$(id -g)" "$PWD/.secure_files" # Make sure we have access
 export GNUPGHOME="$PWD/.secure_files/gpg"
 gpg --verbose --no-options --homedir="$GNUPGHOME" --import "$PWD/.secure_files/gpg.private.key"
-REMOTE=$SSH_USER@$SSH_HOST:$SSH_PATH
+REMOTE_ROOT=$SSH_USER@$SSH_HOST:$SSH_ROOT_PATH
+REMOTE_PATH=$SSH_USER@$SSH_HOST:$SSH_PATH
 # You can use `ssh-keyscan origin.files.kde.org` to get the host key
 echo "origin.files.kde.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILUjdH4S7otYIdLUkOZK+owIiByjNQPzGi7GQ5HOWjO6" >> ~/.ssh/known_hosts
 
 # The initial SHA256SUMS file is created by the vacuum script based on what is left on the server. We append to it.
 
-sysupdate_dir=sysupdate/v2
-mkdir -p "$sysupdate_dir"
-mv ./*.efi ./*.tar.zst ./*.erofs ./*.caibx "$sysupdate_dir"
-
 # We need shell globs here! More readable this way. Ignore shellcheck.
 # shellcheck disable=SC2129
-sha256sum -- *.raw >> SHA256SUMS
-sha256sum -- *.torrent >> SHA256SUMS
-sha256sum -- ${sysupdate_dir}/*.efi >> SHA256SUMS
-sha256sum -- ${sysupdate_dir}/*.tar.zst >> SHA256SUMS
-sha256sum -- ${sysupdate_dir}/*.erofs >> SHA256SUMS
+sha256sum -- *.efi >> SHA256SUMS
+sha256sum -- *.tar.zst >> SHA256SUMS
+sha256sum -- *.erofs >> SHA256SUMS
 # Don't put caibx into the SHA256SUMS, it will break file matching.
 # https://github.com/systemd/systemd/issues/38605
 
 gpg --homedir="$GNUPGHOME" --output SHA256SUMS.gpg --detach-sign SHA256SUMS
 
-scp -i "$SSH_IDENTITY" ./*.raw ./*.torrent "$REMOTE"
-scp -r -i "$SSH_IDENTITY" "sysupdate/" "$REMOTE"
-scp -i "$SSH_IDENTITY" SHA256SUMS SHA256SUMS.gpg "$REMOTE" # upload as last artifact to finalize the upload
+scp -i "$SSH_IDENTITY" ./*.raw ./*.torrent "$REMOTE_ROOT"
+scp -i "$SSH_IDENTITY" ./*.efi ./*.tar.zst ./*.erofs ./*.caibx "$REMOTE_PATH"
+scp -i "$SSH_IDENTITY" SHA256SUMS SHA256SUMS.gpg "$REMOTE_PATH" # upload as last artifact to finalize the upload