Also CC @mikroskeem who created the Docker 20.10 PR

LGTM 👍 Test passed locally (and now I know how to run them)

I don't think this change is a solution to the real problem. We should be able to rely on socket activation, making the system more robust.

The hanging behavior was probably caused by this change #108960 (review) replacing systemd's socket by docker's own socket.

1. systemd creates sockets
2. test runs docker client, which waits for its connection to be accepted
3. docker starts and replaces the socket
4. client waits infinitely for the original socket and can't use docker's new socket

The explanation for why #108960 broke the tests sounds plausible, but now i'm confused as to whether socket activation for the docker daemon is a thing currently, since the module has this line:

    (mkRemovedOptionModule ["virtualisation" "docker" "socketActivation"] "This option was removed in favor of starting docker at boot")

Socket activation for Docker is working just fine - see #108960 (review)

Just for testing sake:

{ config, pkgs, lib, ... }:
{
  systemd.services.docker.serviceConfig.ExecStart = with lib; let
    cfg = config.virtualisation.docker;
  in [
    ""
            ''
              ${cfg.package}/bin/dockerd \
                --group=docker \
                --host=fd:// \
                --log-driver=${cfg.logDriver} \
                ${optionalString (cfg.storageDriver != null) "--storage-driver=${cfg.storageDriver}"} \
                ${optionalString cfg.liveRestore "--live-restore" } \
                ${optionalString cfg.enableNvidia "--add-runtime nvidia=${pkgs.nvidia-docker}/bin/nvidia-container-runtime" } \
                ${cfg.extraOptions}
            ''
  ];
  virtualisation.docker.enable = true;
  virtualisation.docker.listenOptions = ["/tmp/docker.sock" "/run/docker.sock"];
}

This reverts the rogue change I introduced and passes two unix sockets to Docker daemon. You can see from the logs that:

Jan 15 15:48:49 nixos dockerd[11567]: time="2021-01-15T15:48:49.419707431+02:00" level=info msg="Daemon has completed initialization"
Jan 15 15:48:49 nixos dockerd[11567]: time="2021-01-15T15:48:49.430896238+02:00" level=info msg="API listen on /tmp/docker.sock"
Jan 15 15:48:49 nixos dockerd[11567]: time="2021-01-15T15:48:49.433524303+02:00" level=info msg="API listen on /run/docker.sock"

socket activation actually works.

Okay, then we should change the warning for virtualisation.docker.socketActivation to something like "Socket activation is now the default and this option no longer has any effect", revert the fd->unix change and the changes from this PR.