diff --git a/.gitea/workflows/nightly.yml b/.gitea/workflows/nightly.yml
index 63ec0b03..396be5b3 100644
--- a/.gitea/workflows/nightly.yml
+++ b/.gitea/workflows/nightly.yml
@@ -136,8 +136,9 @@ jobs:
         # Gitea is always the single source of truth for secret rotation.
         # Non-secret config lives in infra/observability/obs.env (tracked in git).
         run: |
+          rm -rf /opt/familienarchiv/infra/observability
           mkdir -p /opt/familienarchiv/infra/observability
-          rsync -a --delete infra/observability/ /opt/familienarchiv/infra/observability/
+          cp -r infra/observability/. /opt/familienarchiv/infra/observability/
           cp docker-compose.observability.yml /opt/familienarchiv/
           cat > /opt/familienarchiv/obs-secrets.env <<'EOF'
           GRAFANA_ADMIN_PASSWORD=${{ secrets.GRAFANA_ADMIN_PASSWORD }}
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 041ffa09..c7520e35 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -104,8 +104,9 @@ jobs:
         # then writes obs-secrets.env fresh from Gitea secrets.
         # Non-secret config lives in infra/observability/obs.env (tracked in git).
         run: |
+          rm -rf /opt/familienarchiv/infra/observability
           mkdir -p /opt/familienarchiv/infra/observability
-          rsync -a --delete infra/observability/ /opt/familienarchiv/infra/observability/
+          cp -r infra/observability/. /opt/familienarchiv/infra/observability/
           cp docker-compose.observability.yml /opt/familienarchiv/
           cat > /opt/familienarchiv/obs-secrets.env <<'EOF'
           GRAFANA_ADMIN_PASSWORD=${{ secrets.GRAFANA_ADMIN_PASSWORD }}