How would I go about building a private libp2p network?

I know that libp2p is often used in public software, but I am looking to use it for private, controlled environments. I don’t want just anyone to be able to connect to a peer, so I would like to set everything up in a way that is private. Since I will be configuring the network I also don’t really need NAT traversal or anything like that. (I control the firewalls and DHCP.)

Can someone give me a high level explanation of how this would work?


For context, I am looking to build a secure gossipsub-based application.

One way to go about it is with a custom application score.

You can score an unidentified peer deeply negative before you perform your own handshake, and then restore it once it has been authorized.
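As an added example (not code from this thread or from go-libp2p itself), the gating this reply describes in Go: a challenge-response handshake over a shared secret, and an app-specific score function that stays deeply negative for a peer until it has passed that handshake. The handshake form (HMAC-SHA256 over a fresh random challenge), the plain-string peer identifiers and the score value are assumptions made for the example; the real hook is the `AppSpecificScore` field of go-libp2p-pubsub's `PeerScoreParams`, which takes a `peer.ID`.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sync"
)

// UnauthorizedScore is returned for every peer that has not proven knowledge
// of the shared secret. The value is an assumption: it only has to sit well
// below the graylist threshold configured in PeerScoreThresholds so the
// router ignores the peer entirely until it is authorized.
const UnauthorizedScore = -1000.0

// Authorizer holds the handshake state. Peers are plain strings here
// (hypothetical); a real node would key these maps by peer.ID.
type Authorizer struct {
	secret     []byte
	mu         sync.Mutex
	pending    map[string][]byte // challenges issued and not yet verified
	authorized map[string]bool
}

func NewAuthorizer(secret []byte) *Authorizer {
	return &Authorizer{
		secret:     secret,
		pending:    make(map[string][]byte),
		authorized: make(map[string]bool),
	}
}

// Challenge issues a fresh 32-byte random nonce for peer. A new challenge
// replaces any outstanding one, so a captured proof cannot be replayed.
func (a *Authorizer) Challenge(peer string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	a.mu.Lock()
	a.pending[peer] = nonce
	a.mu.Unlock()
	return nonce, nil
}

// Prove is what the remote side computes: HMAC-SHA256 over the challenge and
// its own peer ID, keyed with the shared secret. Binding the ID stops a proof
// produced for one peer from being presented by another.
func Prove(secret, challenge []byte, peer string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(challenge)
	mac.Write([]byte(peer))
	return mac.Sum(nil)
}

// Verify checks proof against the outstanding challenge for peer. The
// challenge is consumed whether or not the proof is valid.
func (a *Authorizer) Verify(peer string, proof []byte) bool {
	a.mu.Lock()
	defer a.mu.Unlock()
	challenge, ok := a.pending[peer]
	if !ok {
		return false
	}
	delete(a.pending, peer)
	if !hmac.Equal(proof, Prove(a.secret, challenge, peer)) {
		return false
	}
	a.authorized[peer] = true
	return true
}

// AppScore is the function to plug into PeerScoreParams.AppSpecificScore
// (adapting the argument type to peer.ID). Unauthorized peers are scored
// deeply negative; authorized peers get a neutral 0 so gossipsub's own
// behavioural scoring takes over from there.
func (a *Authorizer) AppScore(peer string) float64 {
	a.mu.Lock()
	defer a.mu.Unlock()
	if a.authorized[peer] {
		return 0
	}
	return UnauthorizedScore
}

func main() {
	secret := []byte("constructed-shared-secret") // constructed sample secret
	a := NewAuthorizer(secret)
	ch, _ := a.Challenge("peer-A")
	a.Verify("peer-A", Prove(secret, ch, "peer-A")) // peer-A answers correctly
	fmt.Println("peer-A:", a.AppScore("peer-A"), "peer-B:", a.AppScore("peer-B"))
}
```

The handshake here runs in one direction (the local node challenges the remote); for mutual authorization each side runs the same exchange as the challenger. Note that the score only stops the router from forwarding to or accepting from the peer at the pubsub layer; the transport connection itself still exists, which is why the transport-level options in the replies below are worth weighing as well.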

It’s a network-level feature. You have multiple options:

  1. put the peers on the same restricted virtual network using a VPN like WireGuard and use direct TCP / UDP connections
  2. have a public TCP / UDP endpoint but use some kind of authentication, like an HTTP header in a WebSocket connection (or the equivalent on WebTransport, but I don’t know how to achieve this)
  3. keep a fully public p2p network but control the peers at the pubsub level, for example by having a secret topic (I do not know if it can be secure) or a peer whitelist used to filter incoming messages

The solution that suits your needs best depends on how you want to accept new peers into the network.

I am looking to just have a shared secret for the moment. In the future I am looking at per-peer authorization for security, but for now that is out of the question.

Have you looked at the pnet feature of libp2p? See the specification here.

As you also mentioned, it works over a shared secret key.
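As an added example (not code from this thread or from go-libp2p itself), a small Go tool that generates a swarm key and reads and writes it in the V1 file format the pnet spec describes: a version line `/key/swarm/psk/1.0.0/`, an encoding line (`/bin/`, `/base16/` or `/base64/`) and a 32-byte key. It rejects anything that deviates, since a truncated or hand-edited key file is the easy way to end up with a weaker secret than intended. The key bytes are generated at run time; the base64 alphabet is assumed to be standard base64 with padding.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

// pskHeader is the version line the pnet spec requires as the first line of
// a swarm key file; pskLen is the key size it mandates.
const (
	pskHeader = "/key/swarm/psk/1.0.0/"
	pskLen    = 32
)

// GeneratePSK draws a fresh 256-bit key from the OS CSPRNG.
func GeneratePSK() ([]byte, error) {
	key := make([]byte, pskLen)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncodePSK writes key in the spec's text form using the /base16/ encoding,
// the form usually found in a swarm.key file.
func EncodePSK(key []byte) ([]byte, error) {
	if len(key) != pskLen {
		return nil, fmt.Errorf("psk: key must be %d bytes, got %d", pskLen, len(key))
	}
	return []byte(fmt.Sprintf("%s\n/base16/\n%s\n", pskHeader, hex.EncodeToString(key))), nil
}

// DecodePSK parses a V1 swarm key file: version line, encoding line, key.
// Any deviation is an error rather than a best-effort guess.
func DecodePSK(data []byte) ([]byte, error) {
	header, rest, ok := bytes.Cut(data, []byte("\n"))
	if !ok || string(bytes.TrimSuffix(header, []byte("\r"))) != pskHeader {
		return nil, errors.New("psk: missing or unsupported version header")
	}
	encLine, body, ok := bytes.Cut(rest, []byte("\n"))
	if !ok {
		return nil, errors.New("psk: missing encoding line")
	}
	var key []byte
	var err error
	switch string(bytes.TrimSpace(encLine)) {
	case "/base16/":
		key, err = hex.DecodeString(string(bytes.TrimSpace(body)))
	case "/base64/":
		key, err = base64.StdEncoding.DecodeString(string(bytes.TrimSpace(body)))
	case "/bin/":
		// Raw key bytes follow; tolerate exactly one trailing newline without
		// mistaking a key whose last byte happens to be 0x0a for one.
		key = body
		if len(key) == pskLen+1 && key[pskLen] == '\n' {
			key = key[:pskLen]
		}
	default:
		return nil, fmt.Errorf("psk: unknown encoding %q", string(encLine))
	}
	if err != nil {
		return nil, fmt.Errorf("psk: decoding key: %w", err)
	}
	if len(key) != pskLen {
		return nil, fmt.Errorf("psk: key must be %d bytes, got %d", pskLen, len(key))
	}
	return key, nil
}

func main() {
	key, err := GeneratePSK()
	if err != nil {
		panic(err)
	}
	file, _ := EncodePSK(key)
	fmt.Print(string(file)) // what every node would store as its swarm.key
	back, err := DecodePSK(file)
	fmt.Println("round trip ok:", bytes.Equal(back, key), err)
}
```

Every node that should be part of the network gets the same file; in go-libp2p it is passed to the host through the `libp2p.PrivateNetwork` option, and a peer that does not hold the key cannot complete a connection at all, which is what makes this a transport-level answer to the question rather than a pubsub-level one. The caveat is the flip side of that: anyone holding the key is fully trusted by the transport, so when the per-peer authorization mentioned above becomes a requirement it has to be layered on top of pnet, not substituted for it.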