feat: add database type validation and conditional DB vars to common.sh

Add validate_db_type() accepting sqlite3/mysql/postgres/mssql. Update
GITEA_DB_TYPE validator from nonempty to db_type. Add conditional DB
validation arrays (host, port, name, user, passwd) required when DB
type is not sqlite3. Rename SSL conditional arrays for clarity.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

lib/common.sh

@@ -177,6 +177,10 @@ validate_ssl_mode() {
   [[ "$1" == "letsencrypt" ]] || [[ "$1" == "existing" ]]
 }
 
+validate_db_type() {
+  [[ "$1" == "sqlite3" ]] || [[ "$1" == "mysql" ]] || [[ "$1" == "postgres" ]] || [[ "$1" == "mssql" ]]
+}
+
 validate_positive_integer() {
   [[ "$1" =~ ^[1-9][0-9]*$ ]]
 }
@@ -225,7 +229,7 @@ _ENV_VAR_TYPES=(
   ip nonempty port
   port port path
   nonempty password email
-  nonempty nonempty nonempty nonempty nonempty
+  nonempty nonempty db_type nonempty nonempty
   nonempty url
   url nonempty
   path integer
@@ -240,9 +244,13 @@ _ENV_VAR_TYPES=(
 )
 
 # Conditional variables — validated only when SSL_MODE matches.
-_ENV_CONDITIONAL_NAMES=(SSL_EMAIL SSL_CERT_PATH SSL_KEY_PATH)
-_ENV_CONDITIONAL_TYPES=(email     path          path)
-_ENV_CONDITIONAL_WHEN=( letsencrypt existing    existing)
+_ENV_CONDITIONAL_SSL_NAMES=(SSL_EMAIL SSL_CERT_PATH SSL_KEY_PATH)
+_ENV_CONDITIONAL_SSL_TYPES=(email     path          path)
+_ENV_CONDITIONAL_SSL_WHEN=( letsencrypt existing    existing)
+
+# Conditional variables — validated only when GITEA_DB_TYPE is NOT sqlite3.
+_ENV_CONDITIONAL_DB_NAMES=(GITEA_DB_HOST GITEA_DB_PORT GITEA_DB_NAME GITEA_DB_USER GITEA_DB_PASSWD)
+_ENV_CONDITIONAL_DB_TYPES=(nonempty      port          nonempty      nonempty      password)
 
 # Optional variables — validated only when non-empty (never required).
 _ENV_OPTIONAL_NAMES=(UNRAID_SSH_KEY FEDORA_SSH_KEY LOCAL_REGISTRY)
@@ -263,6 +271,7 @@ _validator_hint() {
     nonempty)         echo "cannot be empty" ;;
     password)         echo "must be at least 8 characters" ;;
     ssl_mode)         echo "must be letsencrypt or existing" ;;
+    db_type)          echo "must be sqlite3, mysql, postgres, or mssql" ;;
     optional)         echo "any value or empty" ;;
     *)                echo "invalid" ;;
   esac
@@ -289,10 +298,10 @@ validate_env() {
 
   # Validate conditional variables (SSL_MODE-dependent)
   local ssl_mode="${SSL_MODE:-}"
-  for ((i = 0; i < ${#_ENV_CONDITIONAL_NAMES[@]}; i++)); do
-    var_name="${_ENV_CONDITIONAL_NAMES[$i]}"
-    var_type="${_ENV_CONDITIONAL_TYPES[$i]}"
-    local required_when="${_ENV_CONDITIONAL_WHEN[$i]}"
+  for ((i = 0; i < ${#_ENV_CONDITIONAL_SSL_NAMES[@]}; i++)); do
+    var_name="${_ENV_CONDITIONAL_SSL_NAMES[$i]}"
+    var_type="${_ENV_CONDITIONAL_SSL_TYPES[$i]}"
+    local required_when="${_ENV_CONDITIONAL_SSL_WHEN[$i]}"
 
     if [[ "$ssl_mode" != "$required_when" ]]; then
       continue
@@ -308,6 +317,24 @@ validate_env() {
     fi
   done
 
+  # Validate conditional variables (DB_TYPE-dependent — required when NOT sqlite3)
+  local db_type="${GITEA_DB_TYPE:-sqlite3}"
+  if [[ "$db_type" != "sqlite3" ]]; then
+    for ((i = 0; i < ${#_ENV_CONDITIONAL_DB_NAMES[@]}; i++)); do
+      var_name="${_ENV_CONDITIONAL_DB_NAMES[$i]}"
+      var_type="${_ENV_CONDITIONAL_DB_TYPES[$i]}"
+      value="${!var_name:-}"
+
+      if [[ -z "$value" ]]; then
+        log_error "  → $var_name is empty (required when GITEA_DB_TYPE=$db_type, $(_validator_hint "$var_type"))"
+        errors=$((errors + 1))
+      elif ! "validate_${var_type}" "$value"; then
+        log_error "  → $var_name='$value' ($(_validator_hint "$var_type"))"
+        errors=$((errors + 1))
+      fi
+    done
+  fi
+
   # Validate optional variables (only when non-empty)
   for ((i = 0; i < ${#_ENV_OPTIONAL_NAMES[@]}; i++)); do
     var_name="${_ENV_OPTIONAL_NAMES[$i]}"