High Level Design
Secure MQTT Broker
The MQTT Broker named Mosquitto is installed on the OpenWRT Wifi router. Running the MQTT Broker on the Wifi router is an experiment, which has so far worked just fine. However, the MQTT Broker could be run on any other computer on the same local area network (LAN). You could even run it on a Raspberry PI if performance isn’t a strict requirement.
Secure ESP8266 MQTT Client
Again, there are many tutorials on how to program the ESP8266 as an MQTT Client. But it's hard to find a single source clearly describing how to program the ESP8266 as a secure MQTT Client. As a long time software engineer I know how important security is these days.
AVR SPI Slave
The original plan was to connect peripherals directly to the ESP8266 data pins but I ran out of pins very quickly. Since I had an unused ATmega168 lying around I though “what the heck” and connected the two chips via SPI with the ESP8266 as the master and the ATmega as the slave. In additions to giving me a lot more data pins this scheme also gave me 5v tolerance. I’m also very happy I went this route because it has led to a number of additional useful ideas, which I will come to later.