Remove hard dep on Sourcegraph's internal dev-private repo

Created by: ghost

Question description

Hello, first of all I wanted to thank you for such an amazing project

I'm trying to deploy a self-hosted instance of sourcegraph, just to try and see how it goes for us, and if it fits our needs.

The question that I have is regarding the Server image, the one that you find here: https://hub.docker.com/r/sourcegraph/server

The thing is, as far as I see on the repository the server image is built from the enterprise section, which at the same time requires to clone a private repo with build dependencies which we, normal users, don't have access to.

The reason I'm doing this is to set some security configurations by default at built time:

  "auth.public": false,
  "auth.sessionExpiry": "12h",
  "auth.providers": [
    {
      "type": "builtin",
      "allowSignup": false
    }
  ]

And to somehow set an admin account instead of allowing the first user to become admin automatically, which, in case of a server restart -we don't use persistent storage-, could allow any user to become admin and disclose repositories information

We firmly believe in open source, so revealing our repositories to the public domain is not a problem -many of our repos are open source-. However the repositories that we'll be hosting are not ours.

Additional context

I know you can set those options on the management console. But it's not an option for us as a company since we follow a philosophy of inmutable and stateless infrastructure, so the Docker image needs to be deployed to servers completely configured, with no hands involved after deployment.

thank you so much for your time and help in advance