activationScripts don’t have access to a $PATH, as far as they are concerned docker isn’t installed (because it’s somewhere in /nix/store and the system hasn’t been activated yet, i.e. the the store hasn’t been made into a system with a PATH).
You can make the scripts directly use the binaries from derivations though:
After all, this snippet must still function even if you never install docker, at least from the perspective of activationScripts.
This is generally a good pattern in the nix world, since it explicitly states the dependencies of your scripts, so you know why they’re there and they aren’t included if the scripts are never used - for system config scripts like this at least. For real scripts write proper derivations and resolve their dependencies
As for the approach, I prefer the systemd oneshot, simply because it makes it easier to manage, via proper logging and systemctl to toggle things later on. In practice I think both will function, but managing the docker daemon exclusively declaratively is a challenge…