fix(caddy): add SNI connection_policy to layer4 TLS block and anchor redis.libnovel.cc cert

Without a connection_policy, Caddy resolved the TLS cert by the Docker
internal IP (172.18.0.5) instead of the hostname, causing TLS handshake
failures on :6380 (rediss:// from prod backend → homelab Redis / Asynq).

Changes:
- Caddyfile: add connection_policy { match { sni redis.libnovel.cc } } to
  the layer4 :6380 tls handler so Caddy picks the correct cert
- Caddyfile: add redis.libnovel.cc virtual-host block (respond 404) to
  force Caddy to obtain and cache a TLS cert for that hostname
- homelab/docker-compose.yml: add REDIS_ADDR, REDIS_PASSWORD,
  LIBRETRANSLATE_URL, LIBRETRANSLATE_API_KEY, and
  RUNNER_MAX_CONCURRENT_TRANSLATION to the runner service for parity with
  homelab/runner/docker-compose.yml

Caddyfile

@@ -65,7 +65,13 @@
 		:6380 {
 			route {
 				tls {
-				proxy {
+					connection_policy {
+						match {
+							sni redis.libnovel.cc
+						}
+					}
+				}
+				proxy {
 					upstream {$HOMELAB_REDIS_ADDR:192.168.0.109:6379}
 				}
 			}
@@ -274,3 +280,12 @@ search.libnovel.cc {
 	reverse_proxy meilisearch:7700
 }
 
+# ── Redis TLS cert anchor ─────────────────────────────────────────────────────
+# This virtual host exists solely so Caddy obtains and caches a TLS certificate
+# for redis.libnovel.cc.  The layer4 block above uses that cert to terminate TLS
+# on :6380 (Asynq job-queue channel from prod → homelab Redis).
+# The HTTP route itself just returns 404 — no real traffic expected here.
+redis.libnovel.cc {
+	respond 404
+}
+}

homelab/docker-compose.yml

@@ -58,6 +58,14 @@ services:
       VALKEY_ADDR: ""
       GODEBUG: "preferIPv4=1"
 
+      # ── LibreTranslate (internal Docker network) ──────────────────────────
+      LIBRETRANSLATE_URL: "http://libretranslate:5000"
+      LIBRETRANSLATE_API_KEY: "${LIBRETRANSLATE_API_KEY}"
+
+      # ── Asynq / Redis ─────────────────────────────────────────────────────
+      REDIS_ADDR: "redis:6379"
+      REDIS_PASSWORD: "${REDIS_PASSWORD}"
+
       KOKORO_URL: "http://kokoro-fastapi:8880"
       KOKORO_VOICE: "${KOKORO_VOICE}"
 
@@ -67,6 +75,7 @@ services:
       RUNNER_POLL_INTERVAL: "${RUNNER_POLL_INTERVAL}"
       RUNNER_MAX_CONCURRENT_SCRAPE: "${RUNNER_MAX_CONCURRENT_SCRAPE}"
       RUNNER_MAX_CONCURRENT_AUDIO: "${RUNNER_MAX_CONCURRENT_AUDIO}"
+      RUNNER_MAX_CONCURRENT_TRANSLATION: "${RUNNER_MAX_CONCURRENT_TRANSLATION}"
       RUNNER_TIMEOUT: "${RUNNER_TIMEOUT}"
       RUNNER_METRICS_ADDR: "${RUNNER_METRICS_ADDR}"
       RUNNER_SKIP_INITIAL_CATALOGUE_REFRESH: "true"