Running docker within a container?

I’m trying to set up a NixOS container from which to run docker images. The container isn’t able to start docker instances because:

Mar 04 22:03:23 docker-host docker[863]: /nix/store/jmxkz7wqs5ln1vlgsh8zd0hmqzxbcpgy-docker-19.03.5/libexec/docker/docker: Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "process_linux.go:297: applying cgroup configuration for process caused \"mkdir /sys/fs/cgroup/cpuset/docker/54e82a476fb76089dcb9db0eacd7aa767da72752e6eb7ec96892499ac8ff8979: read-only file system\"": unknown.

This makes sense, letting containers create sub-containers seems a bit dangerous. Can that be overridden, though? Can I bindMount /sys/… rw? I don’t see any container options that seem promising, except ‘capabilities’, but it looks like those don’t cover container creation.

Is this possible?
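The error in the question is a mount-permission problem, not a capability problem: dockerd tries to mkdir under /sys/fs/cgroup/cpuset and the filesystem is mounted read-only inside the container. Before touching bindMounts or capabilities, it is worth confirming which cgroup mounts are actually ro from the container's point of view. The following added example (not from the original post or from the NixOS project) parses a /proc/self/mounts-style table and reports each mount under /sys/fs/cgroup as ro or rw; the sample mount table embedded in it is constructed to resemble a container where cpuset is read-only, and the function names are my own.

```shell
#!/bin/sh
# Added example: classify cgroup mounts from a /proc/self/mounts-style table.
# Each input line has the kernel's format: "<device> <mountpoint> <fstype> <options> 0 0".
# Function and variable names here are invented for the example.

# Constructed sample table (not captured from a real system): /sys/fs/cgroup and
# the cpuset hierarchy are read-only, as the mkdir error in the question implies.
SAMPLE_MOUNTS='sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/cpuset cgroup ro,nosuid,nodev,noexec,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

# cgroup_mount_status: read a mount table on stdin and print one line per mount
# under /sys/fs/cgroup, either "<mountpoint> ro" or "<mountpoint> rw".
cgroup_mount_status() {
    while read -r _dev mnt _fstype opts _rest; do
        case "$mnt" in
            /sys/fs/cgroup|/sys/fs/cgroup/*) ;;
            *) continue ;;
        esac
        # Mount options are comma-separated. Bracket with commas so that "ro"
        # matches only as a whole token (and not, say, the tail of "remount-ro").
        case ",$opts," in
            *,ro,*) echo "$mnt ro" ;;
            *)      echo "$mnt rw" ;;
        esac
    done
}

# cgroup_controller_writable <controller>: exit 0 if /sys/fs/cgroup/<controller>
# is mounted rw according to the mount table on stdin, 1 otherwise.
# Docker's cgroup v1 driver needs to mkdir under this path for each container.
cgroup_controller_writable() {
    ctrl="$1"
    status=$(cgroup_mount_status | awk -v m="/sys/fs/cgroup/$ctrl" '$1 == m { print $2 }')
    [ "$status" = rw ]
}

# Demonstration on the constructed table. On a live container, pipe the real
# table instead:  cgroup_controller_writable cpuset < /proc/self/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | cgroup_mount_status
if printf '%s\n' "$SAMPLE_MOUNTS" | cgroup_controller_writable cpuset; then
    echo "cpuset hierarchy is writable; docker should be able to create cgroups"
else
    echo "cpuset hierarchy is read-only; docker will fail with the mkdir error above"
fi
```

Run against the real /proc/self/mounts inside the NixOS container, this tells you whether the read-only mount is the whole of /sys/fs/cgroup or only individual controller hierarchies, which is what decides where any bind mount would have to go.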

Docker in Docker might seem like a great idea, but it's not, it's really not. Have you ever seen the film Inception? Watch it, and when you get to the end, tell me how you feel.

Just because something lets you do something in computer science, it doesn't automatically make it a great idea or best practice...

Good luck.