How would I go about building a private libp2p network?

I know that libp2p is often used in public software, but I am looking to use it for private controlled environments. I don’t want just anyone to be able to connect to a peer, so I would like to set everything up in a way that is private. Since I will be configuring the network, I also don’t really need NAT traversal or anything like that. (I control the firewalls and DHCP.)

Can someone give me a high-level explanation of how this would work?


For context, I am looking to build a secure gossipsub-based application.

One way to go about it is with a custom application score.

You can score an unidentified peer deeply negative before you perform your own handshake, and then restore it once it has been authorized.

It’s a network level feature. You have multiple options:

  1. put the peers on the same restricted virtual network using a VPN like WireGuard and use direct TCP / UDP connections
  2. have a public TCP / UDP endpoint but use some kind of authentication, like an HTTP header in a WebSocket connection (or the equivalent on WebTransport, but I don’t know how to achieve this)
  3. keep a fully public p2p network, but control the peers at the pubsub level, for example by having a secret topic (I do not know if it can be secure) or by having a peer whitelist used to filter incoming messages

The solution that will suit your needs best depends on the way you want to accept new peers in the network.

I am looking to just have a shared secret for the moment. In the future I am looking to do per-peer authorization for security, but for now that is out of the question.
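The application-score approach suggested earlier in the thread, combined with the shared secret asked for in the last post, can be sketched as a challenge-response gate. This is an added example, not code from the thread or from libp2p: `PeerGate`, `respond` and `UNAUTHORIZED_SCORE` are hypothetical names, peer IDs are modelled as plain strings, and wiring `app_score` into the pubsub router's application-score hook is left out.

```python
import hashlib
import hmac
import secrets

# Assumed value: choose one below the score thresholds your node enforces.
UNAUTHORIZED_SCORE = -10_000.0


def respond(secret: bytes, nonce: bytes, peer_id: str) -> bytes:
    """Peer's answer: HMAC-SHA256(secret, nonce || own peer ID).

    Binding the tag to the peer ID stops a valid answer from being
    reused under a different identity.
    """
    return hmac.new(secret, nonce + peer_id.encode(), hashlib.sha256).digest()


class PeerGate:
    """Tracks which peers have proven knowledge of the shared secret."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._pending = {}        # peer ID -> outstanding one-time nonce
        self._authorized = set()  # peer IDs that passed the handshake

    def challenge(self, peer_id: str) -> bytes:
        """Issue a fresh random nonce that the peer must answer."""
        nonce = secrets.token_bytes(32)
        self._pending[peer_id] = nonce
        return nonce

    def verify(self, peer_id: str, tag: bytes) -> bool:
        """Consume the nonce (no replay) and compare tags in constant time."""
        nonce = self._pending.pop(peer_id, None)
        if nonce is None:
            return False
        if not hmac.compare_digest(tag, respond(self._secret, nonce, peer_id)):
            return False
        self._authorized.add(peer_id)
        return True

    def app_score(self, peer_id: str) -> float:
        """Deeply negative until the peer is authorized, neutral afterwards."""
        return 0.0 if peer_id in self._authorized else UNAUTHORIZED_SCORE


if __name__ == "__main__":
    gate = PeerGate(b"constructed-demo-secret")  # constructed sample secret
    n = gate.challenge("peerA")
    print(gate.verify("peerA", respond(b"constructed-demo-secret", n, "peerA")))
```

A failed or repeated answer leaves the peer at `UNAUTHORIZED_SCORE`, and it must request a new challenge before it can try again.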