I see that a couple of years ago, post-quantum was a "5+ year horizon" project. Is that still the case?
NTRUEncrypt in SSL and GPG encryption
As the final comment on that thread said, a two-layer approach, with something currently trusted like RSA, plus a (less-than-completely-proven) quantum safe layer, should be a safe transition: at least as secure as RSA, and as quantum safe as we can guess anything to be at this point.
The NIST post-quantum crypto competition is currently underway. When it is completed, NIST will be ready to issue a new standard for post-quantum cryptography. Until this happens, many people are reluctant to roll out their own favorite PQ scheme. There are three specific projects which are working on post-quantum cryptography (specifically PQ key exchange) that I can think of:
WolfSSL is a TLS library which supports NTRUEncrypt in its cipher suites.
The Tor Project has an open ticket for introducing a hybrid handshake into the protocol.
Google has been experimenting with their CECPQ1 algorithm recently.
Many post-quantum designs are actually hybrid designs. Both Tor Project's and Google's designs combine x25519 with NewHope so that, if a classical algorithm is found that can break the relatively new lattice-based crypto, the handshake is still at least as secure as x25519.
